CVE-2016-7282 — Cross-site Scripting in Microsoft Internet Explorer

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

5.5%

top 9.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedDec 20

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

🔴Vulnerability Details

GHSA

GHSA-frp2-ww75-g7h6: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary we↗2022-05-14

▶

CVEList

CVE-2016-7282: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary we↗2016-12-20

▶

📋Vendor Advisories

Microsoft

Microsft Browser Information Disclosure Vulnerability↗2016-12-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - December 2016↗2016-12-13

▶

Talos

Microsoft Patch Tuesday - December 2016↗2016-12-13

▶

Qualys

Microsoft Ends 2016 with 15% Increase in Bulletin Volume↗2016-12-13

▶

Qualys

Microsoft Ends 2016 with 15% Increase in Bulletin Volume | Qualys↗2016-12-13

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 12-13-2016↗

▶