CVE-2016-7206Cross-site Scripting in Microsoft Edge ON Windows 10 FOR 32-bit Systems

CWE-79Cross-site Scripting10 documents6 sources
Severity
6.1MEDIUMNVD
EPSS
7.8%
top 8.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Msrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based SystemsMsrc Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems+4 more
Timeline
PublishedDec 20
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages7 packages

🔴Vulnerability Details

2
GHSA
GHSA-8fhf-75fw-x2xx: Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka2022-05-14
GHSA
GHSA-vc5r-c496-3px9: Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka2022-05-14

📋Vendor Advisories

1
Microsoft
Microsft Browser Information Disclosure Vulnerability2016-12-13

🕵️Threat Intelligence

5
Talos
Microsoft Patch Tuesday - December 20162016-12-13
Talos
Microsoft Patch Tuesday - December 20162016-12-13
Qualys
Microsoft Ends 2016 with 15% Increase in Bulletin Volume2016-12-13
Qualys
Microsoft Ends 2016 with 15% Increase in Bulletin Volume | Qualys2016-12-13
Zscaler
Zscaler found Multiple Security Vulnerabilities | 12-13-2016