Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0072Cross-site Scripting in Microsoft Internet Explorer

CWE-79Cross-site Scripting10 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
88.6%
top 0.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedFeb 7
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w5f7-x6mf-vc7q: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inje2022-05-14
VulnCheck
Microsoft Internet Explorer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2015

💥Exploits & PoCs

1
Metasploit
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched2015-03-10
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched2015-03-10
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-10-2015

💬Community

2
HackerOne
HackerOne is still prone to Internet Explorer UXSS2017-04-19
Bugzilla
CVE-2015-7975 ntp: nextvar() missing length check in ntpq2016-01-20
CVE-2015-0072 — Cross-site Scripting in Microsoft | cvebase