CVE-2017-0135

MEDIUM

Microsoft Edge - CSRF

Title source: llm

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

References (5)

[Various Sources] https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135

[Various Sources] https://www.freebuf.com/articles/web/164871.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96656

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038006

Scores

CVSS v3 4.2

EPSS 0.2247

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Classification

Status published

Affected Products (2)

microsoft/edge

Microsoft Corporation/Edge < Edge

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026