CVE-2008-5554
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
12/12/2008
Last modified:
09/04/2025
Description
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:internet_explorer:8:beta2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/archive/1/499124/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47277
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47443
- http://www.securityfocus.com/archive/1/499124/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47277
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47443