Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2010-3324

Published: 17/09/2010 Updated: 23/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Internet Explorer

Vulnerability Summary

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote malicious users to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 8

microsoft sharepoint services 3.0

microsoft groove server 2010

microsoft web apps

microsoft sharepoint foundation 2010

microsoft sharepoint server 2007

Exploits

Exploit DB: Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
source: wwwsecurityfocuscom/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML Attackers can bypass this protection, allowing script code to execute on the client, for example in a 'postMessage' call Attackers can ...

References

CWE-79http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.htmlhttp://www.wooyun.org/bug.php?action=view&id=189http://support.avaya.com/css/P8/documents/100113324http://www.us-cert.gov/cas/techalerts/TA10-285A.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071https://nvd.nist.govhttps://www.exploit-db.com/exploits/34478/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook