Microsoft » Internet Explorer » 9 : Security Vulnerabilities, CVEs, (XSS)

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

CVE-2016-7282

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
6.1
EPSS Score
1.10%
Published
2016-12-20
Updated
2018-10-12

CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
3.1
EPSS Score
2.88%
Published
2016-11-10
Updated
2018-10-12

CVE-2016-3273

The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
37.43%
Published
2016-07-13
Updated
2018-10-12

CVE-2016-3212

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Max CVSS
6.1
EPSS Score
2.28%
Published
2016-06-16
Updated
2018-10-12

CVE-2015-6164

Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability."
Max CVSS
6.8
EPSS Score
2.39%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-6144

Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Browser XSS Filter Bypass Vulnerability."
Max CVSS
4.3
EPSS Score
2.54%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-6138

Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Internet Explorer XSS Filter Bypass Vulnerability."
Max CVSS
4.3
EPSS Score
23.81%
Published
2015-12-09
Updated
2018-10-12

CVE-2015-2398

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."
Max CVSS
4.3
EPSS Score
18.31%
Published
2015-07-14
Updated
2018-10-12

CVE-2015-0072

Public exploit
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."
Max CVSS
4.3
EPSS Score
97.25%
Published
2015-02-07
Updated
2018-10-12

CVE-2014-6365

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328.
Max CVSS
4.3
EPSS Score
96.58%
Published
2014-12-11
Updated
2018-10-12

CVE-2014-6328

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365.
Max CVSS
5.0
EPSS Score
89.55%
Published
2014-12-11
Updated
2018-10-12

CVE-2013-3192

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
Max CVSS
4.3
EPSS Score
85.97%
Published
2013-08-14
Updated
2018-10-12

CVE-2013-3166

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.
Max CVSS
4.3
EPSS Score
85.21%
Published
2013-07-10
Updated
2018-10-12

CVE-2012-1872

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
Max CVSS
4.3
EPSS Score
0.58%
Published
2012-06-12
Updated
2023-12-07

CVE-2012-1858

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Max CVSS
4.3
EPSS Score
96.43%
Published
2012-06-12
Updated
2023-12-07
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close