XSS in Microsoft Anti-cross_site_scripting_library

CVE-2012-0007

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site script…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.597 (98.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Anti-cross_site_scripting_library — versions 3.1, 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

51291 (vdb-entry, x_refsource_BID)
TA12-010A (US Government Resource, x_refsource_CERT, third-party-advisory)
1026499 (vdb-entry, x_refsource_SECTRACK)
MS12-007 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:14314 (x_refsource_OVAL, signature, vdb-entry)
47483 (x_refsource_SECUNIA, third-party-advisory)
47516 (x_refsource_SECUNIA, third-party-advisory)