VYPR
Unrated severityNVD Advisory· Published Jun 12, 2012· Updated Jun 16, 2026

CVE-2012-1858

CVE-2012-1858

Description

The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
    • (no CPE)range: 8, 9
  • Microsoft/Lync4 versions
    cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
    • cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*
    • cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*
    • (no CPE)range: 2010, 2010 Attendee
  • cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*
  • Range: 2007 R2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.