CVE-2015-6176

Microsoft Edge - XSS

Title source: rule

Description

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · textremotewindows

https://www.exploit-db.com/exploits/52372

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034316

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125

Scores

EPSS 0.0430

EPSS Percentile 88.7%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

microsoft/edge

Timeline

Published Dec 09, 2015

Tracked Since Feb 18, 2026