CVE-2009-4074

medium Microsoft
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
19.7%
Exploitation probability in 30 days
Top 5% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: November 25, 2009 (6014 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."

CWE

NVD-CWE-Other

Affected Products

microsoft internet explorer

References

🔗 hackademix.net 🔗 www.owasp.org 🔗 www.securityfocus.com 🔗 www.theregister.co.uk 🔗 docs.microsoft.com