Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-24892Open Redirect in Microsoft Edge

CWE-601Open RedirectCWE-290Authentication Bypass by Spoofing5 documents5 sources
Severity
8.2HIGHNVD
EPSS
8.0%
top 7.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft EdgeMicrosoft Edge Chromium
Timeline
PublishedMar 14
Latest updateApr 10

Description

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

NVDmicrosoft/edge_chromium< 111.0.1661.41
CVEListV5microsoft/microsoft_edge1.0.0111.0.1661.41

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

2
CVEList
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability2023-03-14
GHSA
GHSA-wrpf-cfwg-7hxv: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability2023-03-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing2023-04-10

📋Vendor Advisories

1
Microsoft
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability2023-03-14
CVE-2023-24892 — Open Redirect in Microsoft Edge | cvebase