Microsoft » Internet Explorer : Security Vulnerabilities, CVEs, Published In 2009 (XSS)
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."
Max CVSS
4.3
EPSS Score
0.53%
Published
2009-11-25
Updated
2021-07-23
Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.
Max CVSS
4.3
EPSS Score
6.80%
Published
2009-07-07
Updated
2018-10-10
2 vulnerabilities found