Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-0007

Publish Date: 10 Jan 2012

                							

                source: http://www.securityfocus.com/bid/51291/info

Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module.

An attacker can exploit this vulnerability to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials.

Microsoft Anti-Cross Site Scripting Library 3.x and 4.0 are vulnerable.

string data = Microsoft.Security.Application.Sanitizer.GetSafeHtml("a&lt;style&gt;&lt;!--div{font-family:Foo,Bar\\,'a\\a';font-family:';color:expression(alert(1));y'}--&gt;&lt;/style&gt;&lt;div&gt;b&lt;/div&gt;");

string data = Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment("&lt;div style=""&gt;aaa&lt;/div&gt;")

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Microsoft AntiXSS 3/4.0 Library Sanitization Module - Security Bypass

Vulmon Search

About

Products

Connect