CVE-2016-7239 — Cross-site Scripting in Microsoft Internet Explorer

CWE-79 — Cross-site Scripting CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

3.1LOWNVD

EPSS

13.5%

top 5.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedNov 10

Latest updateMay 14

Description

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

🔴Vulnerability Details

GHSA

GHSA-ggwj-4xw9-ff5x: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripti↗2022-05-14

▶

CVEList

CVE-2016-7239: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripti↗2016-11-10

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Information Disclosure Vulnerability↗2016-11-08

▶