Vulnerabilities > Microsoft > Internet Explorer > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2009-01-30 | CVE-2009-0369 | Remote Security vulnerability in Microsoft Internet Explorer 7 | Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. | network; microsoft | 4.3 |
| 2009-01-28 | CVE-2008-3358 | Cross-Site Scripting vulnerability in SAP Netweaver | Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. | network; sap; microsoft; CWE-79 | 4.3 |
| 2009-01-21 | CVE-2008-5917 | Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3 | Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | | 4.3 |
| 2008-12-29 | CVE-2008-5750 | Code Injection vulnerability in Microsoft Internet Explorer 8 | Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | network; microsoft; CWE-94 | 6.8 |
| 2008-12-12 | CVE-2008-5555 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 | Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | network; microsoft; CWE-79 | 4.3 |
| 2008-12-12 | CVE-2008-5554 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 | The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. | network; microsoft; CWE-79 | 4.3 |
| 2008-12-12 | CVE-2008-5553 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 | The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. | network; microsoft; CWE-79 | 4.3 |
| 2008-12-12 | CVE-2008-5552 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 | The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. | network; microsoft; CWE-79 | 4.3 |
| 2008-12-12 | CVE-2008-5551 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8 | The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection." | network; microsoft; CWE-79 | 4.3 |
| 2008-10-29 | CVE-2008-4788 | Remote Security vulnerability in Microsoft Internet Explorer 6 | Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900. | network; low complexity; microsoft | 5.0 |