CVE-2018-8388 — Authentication Bypass by Spoofing in Microsoft Edge

CWE-290 — Authentication Bypass by Spoofing7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.4%

top 14.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedAug 15

Latest updateMay 13

Description

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge9 versions+8

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2g5m-5chx-p2ww: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2022-05-13

▶

GHSA

GHSA-jw83-p6j3-cg9w: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-8388: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability↗2018-08-15

▶

CVEList

CVE-2018-8383: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability↗2018-08-15

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Spoofing Vulnerability↗2018-08-14

▶