QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-1858

Back to search

CVE-2012-1858

Published: Jun 12, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

TA12-192A
third-party-advisory
x_refsource_CERT
MS12-050
vendor-advisory
x_refsource_MS
TA12-164A
third-party-advisory
x_refsource_CERT
MS12-037
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:15530
vdb-entry
signature
x_refsource_OVAL
MS12-039
vendor-advisory
x_refsource_MS

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now