Microsoft Anti-Cross Site Scripting Library Bypass Vulnerability

Last Update Date: 11 Jan 2012 11:09 Release Date: 11 Jan 2012 5385 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

An information disclosure vulnerability exists when the Microsoft Anti-Cross Site Scripting (AntiXSS) Library incorrectly sanitizes specially crafted HTML. An attacker who successfully exploited this vulnerability could perform a cross-site scripting (XSS) attack on a website that is using the AntiXSS Library to sanitize user provided HTML. This could allow an attacker to pass a malicious script through a sanitization function and expose information not intended to be disclosed. The consequences of the disclosure of this information depends on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used in an attempt to further compromise the affected system.

Impact

  • Information Disclosure

System / Technologies affected

  • Microsoft Anti-Cross Site Scripting Library V3.x
  • Microsoft Anti-Cross Site Scripting Library V4.0

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows SSL/TLS Protocols Vulnerability

11 Jan 2012 5575 Views

Next

Wireshark Multiple Vulnerabilities

12 Jan 2012 5377 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY