CVSS: 5.3EPSS: 10%CPEs: 101EXPL: 1CVE-2010-5071
https://notcve.org/view.php?id=CVE-2010-5071
07 Dec 2011 — The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. La ejecución de JavaScript en Microsoft Internet Explorer v8.0 y anteriores, no restringe adecuadamente el conjunto de valores contenidos en el objeto devuelto por el método getComputedStyle, lo que permite a atacan... • http://w2spconf.com/2010/papers/p26.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 22%CPEs: 101EXPL: 1CVE-2002-2435
https://notcve.org/view.php?id=CVE-2002-2435
07 Dec 2011 — The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. La implementación de las Hojas de Estilo en Cascada (CSS) en Microsoft Internet Explorer, no controla correctamente el :visited pseudo-class, lo que permite a atacantes remotos obtener información sensible acerca de ... • http://bugzilla.mozilla.org/show_bug.cgi?id=147777 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 200EXPL: 1CVE-2011-2379
https://notcve.org/view.php?id=CVE-2011-2379
09 Aug 2011 — Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bugzilla 2.4 hasta la versión 2.22.7, 3.0.x hasta la... • http://secunia.com/advisories/45501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 4%CPEs: 59EXPL: 0CVE-2011-0248 – Apple Quicktime Media Link src Parameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0248
04 Aug 2011 — Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. Desbordamiento de buffer de pila en el control ActiveX de QuickTime de Apple QuickTime en versiones anteriores a la 7.7 en Windows. Cuando se utiliza Internet Explorer, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de s... • http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 35%CPEs: 97EXPL: 0CVE-2011-2382
https://notcve.org/view.php?id=CVE-2011-2382
03 Jun 2011 — Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. Microsoft Internet Explorer v8 y versiones anteriores, y la beta de Internet Explorer v9, no restringen adecuadamente las acciones de arrastrar y soltar a t... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 35%CPEs: 8EXPL: 0CVE-2011-2383
https://notcve.org/view.php?id=CVE-2011-2383
03 Jun 2011 — Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release. M... • http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 141EXPL: 1CVE-2011-1765
https://notcve.org/view.php?id=CVE-2011-1765
23 May 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587. Vulnerabilidad de ejecución de sec... • http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 1CVE-2011-1578
https://notcve.org/view.php?id=CVE-2011-1578
27 Apr 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. Ejecución de secuencias de comandos en sitios cruzados (XSS) en MediaWiki antes de 1.16.3, cuando Internet Explorer 6 o versiones ant... • http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 140EXPL: 0CVE-2011-1587
https://notcve.org/view.php?id=CVE-2011-1587
27 Apr 2011 — Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. Vulnerabilidad de ejecución de ... • http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 39%CPEs: 17EXPL: 0CVE-2010-3243
https://notcve.org/view.php?id=CVE-2010-3243
13 Oct 2010 — Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados en la función toStaticHTML en Microsoft Internet Explorer v8, y la función SafeHTML en Microsoft Windows... • http://support.avaya.com/css/P8/documents/100113324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •