Skip to main content

Edge CVE-2015-6176

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-12-09 secure@microsoft.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 09, 2015 - 11:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."

AnalysisAI

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability." Affected products include: Microsoft Edge.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Edge

View all
CVE-2017-0070 HIGH POC
7.5 Mar 17

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling object

CVE-2016-7286 HIGH POC
7.5 Dec 20

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m

CVE-2017-8636 HIGH POC
7.5 Aug 08

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Serve

CVE-2017-8671 HIGH POC
7.5 Aug 08

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary

CVE-2017-8656 HIGH POC
7.5 Aug 08

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code

CVE-2017-8646 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t

CVE-2017-8645 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t

CVE-2017-8640 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary cod

CVE-2017-8601 HIGH POC
7.5 Jul 11

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute

CVE-2017-11870 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the

CVE-2017-11841 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio

CVE-2017-11840 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio

Share

CVE-2015-6176 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy