CVE-2014-6328

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 8 through 11

Description The issue allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document. This could lead to information disclosure, as initially disabled scripts could run in the wrong security context. An attacker who successfully exploited this issue could cause script code to run on another user's system, potentially taking any action permitted to a third-party website. The issue could only be exploited if the user clicked on a hypertext link, either in an HTML email or if the user visited an attacker's website or a website containing content under the attacker's control.

Recommendations For Microsoft Internet Explorer versions 8 through 11, at the moment, there is no information about a newer version that contains a fix for this issue.