CVE-2012-0007

Microsoft Anti-cross Site Scripting Library - XSS

Title source: rule

Description

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Adi Cohen · textremotewindows

https://www.exploit-db.com/exploits/36507

View Code ZIP pw:eip

References (7)

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA12-010A.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14314

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51291

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-007

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026499

[Third Party Advisory] http://secunia.com/advisories/47483

[Third Party Advisory] http://secunia.com/advisories/47516

Scores

EPSS 0.5921

EPSS Percentile 98.2%

Classification

CWE

CWE-79

Status published

Affected Products (3)

microsoft/anti-cross_site_scripting_library

microsoft/anti-cross_site_scripting_library

n/a/n/a

Timeline

Published Jan 10, 2012

Tracked Since Feb 18, 2026