CVE

Id
35673  
CVE No.
CVE-2008-5556  
Status
Candidate  
Description
** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."  
Phase
Assigned (20081212)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
392403 35673 CVE-2008-5556 BUGTRAQ:20081211 Aspect9: Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities  View
392404 35673 CVE-2008-5556 URL:http://www.securityfocus.com/archive/1/archive/1/499124/100/0/threaded  View
392405 35673 CVE-2008-5556 XF:ie-antixss-xss(47277)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
48420 JVNDB-2008-003730 PostEcards におけるデータベースファイルをダウンロードされる脆弱性 PostEcards は、不十分なアクセスコントロールで Web ルート配下に重要な情報を格納するため、データベースファイルをダウンロードされる脆弱性が存在します。 CVE-2008-5560 35673 5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003730.html  View