CVE-2018-8278 — Authentication Bypass by Spoofing in Microsoft Edge

CWE-290 — Authentication Bypass by Spoofing15 documents9 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 33.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedJul 11

Latest updateMay 13

Description

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edgeWindows 10 Version 1803 for 32-bit Systems, Windows 10 Version 1803 for x64-based Systems+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jmg8-wcjf-qmf3: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-8278: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2018-07-11

▶

💥Exploits & PoCs

Exploit-DB

OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection↗2018-10-02

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Spoofing Vulnerability↗2018-07-10

▶

🕵️Threat Intelligence

Krebs

Patch Tuesday, July 2018 Edition↗2018-07-11

▶

Trendmicro

July Patch Tuesday: Large Adobe Security Update↗2018-07-11

▶

Trendmicro

July Patch Tuesday: Large Adobe Security Update↗2018-07-11

▶

Trendmicro

July Patch Tuesday: Large Adobe Security Update↗2018-07-11

▶

Trendmicro

July Patch Tuesday: Large Adobe Security Update↗2018-07-11

▶