NVD

Id
14729  
Name
CVE-2010-3324  
Description
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2010-09-17  
Modified Date
2011-10-06  
Seq
2010-3324  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
81612 14729 CVE-2010-3324 20100814 IE8 toStaticHtml Bypass  View
81613 14729 CVE-2010-3324 oval:org.mitre.oval:def:7297  View
81614 14729 CVE-2010-3324 http://support.avaya.com/css/P8/documents/100113324  View
81615 14729 CVE-2010-3324 MS10-071  View
81616 14729 CVE-2010-3324 MS10-072  View
81617 14729 CVE-2010-3324 TA10-285A  View
81618 14729 CVE-2010-3324 http://www.wooyun.org/bug.php?action=view&id=189  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36389 JVNDB-2010-002169 複数の Microsoft 製品の toStaticHTML 関数 および SafeHTML 関数におけるクロスサイトスクリプティングの脆弱性 複数の Microsoft 製品の toStaticHTML および SafeHTML 関数には、クロスサイトスクリプティングに対する保護メカニズムを回避され、攻撃を実行される脆弱性が存在します。 CVE-2010-3324 45904 CVE-2010-3324 14729 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002169.html 2010-10-12 2010-12-03 View