CVE-2018-8530 — Improper Input Validation in Microsoft Edge

CWE-20 — Improper Input Validation7 documents4 sources

Severity

5.4MEDIUMNVD

NVD4.3

EPSS

14.5%

top 5.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedOct 10

Latest updateMay 14

Description

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge6 versions+5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vhfw-vgr5-4gr8: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specia↗2022-05-14

▶

GHSA

GHSA-7f9f-g56v-548g: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feat↗2022-05-13

▶

CVEList

CVE-2018-8512: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specia↗2018-10-10

▶

CVEList

CVE-2018-8530: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feat↗2018-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Security Feature Bypass Vulnerability↗2018-10-09

▶