CVE-2011-1252

MEDIUM

Microsoft Internet Explorer - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."

References (5)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-256A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12577

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12885

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074

Scores

CVSS v3 6.1

EPSS 0.1893

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (2)

microsoft/internet_explorer

microsoft/internet_explorer

Timeline

Published Jun 16, 2011

Tracked Since Feb 18, 2026