Posted by Diéyǔ on Jan 13

Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to “Acknowledgments” part and search for “CVE-2014-6365”
It says “Dieyu” – that’s me.

Technical Details:
“Internet Explorer XSS Filter Bypass Vulnerability” is done by…
1. Inject “a href” link into target page.
(Not script, allowed by filter)
2. User clicks this injected link.
(Clickjacking etc)
3. URL of this…