Vulnerability Description
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 8 |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xBroken Link
- http://p42.us/ie8xss/Exploit
- http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdfExploit
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Tool Signature
- http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xBroken Link
- http://p42.us/ie8xss/Exploit
- http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdfExploit
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Tool Signature
FAQ
What is CVE-2010-1489?
CVE-2010-1489 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites th...
How severe is CVE-2010-1489?
CVE-2010-1489 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1489?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.