Signature Detail
Short Name |
HTTP:STC:IE:HTML-XSS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Internet Explorer HTML Sanitization Cross Site Scripting |
Release Date |
2013/04/08 |
Update Number |
2252 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Internet Explorer HTML Sanitization Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Extended Description
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
Affected Products
- microsoft groove_server 2010 (sp1)
- microsoft infopath 2010 (sp1:x64)
- microsoft infopath 2010 (sp1:x86)
- microsoft office_web_apps 2010 (sp1)
- microsoft sharepoint_foundation 2010 (sp1)
- microsoft sharepoint_server 2010 (sp1)
References
- BugTraq: 58883
- CVE: CVE-2013-1289