CVE-2017-0135

EPSS 7.7%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 7.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mar 2017Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

Productos afectados

Microsoft Corporation · Edge

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135 https://www.freebuf.com/articles/web/164871.html http://www.securityfocus.com/bid/96656 http://www.securitytracker.com/id/1038006