CVE-2018-8545 — Sensitive Information Exposure in Microsoft Edge
5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
13.2%
top 5.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 14
Latest updateMay 13
Description
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages1 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-85hh-q852-qxx6: An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosur↗2022-05-13
CVEList▶
CVE-2018-8545: An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosur↗2018-11-14
📋Vendor Advisories
1💬Community
1Bugzilla▶
Stealing of URL cross-domain using performance.getEntries() once again, treat meta refresh channel as a redirect by setting result principal URL↗2018-06-13