CVE-2017-0135
MEDIUMMicrosoft Edge - Same Origin Policy Bypass for HTML Elements
Title source: llmDescription
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
https://www.freebuf.com/articles/web/164871.html
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038006
Various Sources x_refsource_misc
https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96656
Scores
CVSS v3
4.2
EPSS
0.2247
EPSS Percentile
95.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
Status
published
Products (2)
microsoft/edge
Microsoft Corporation/Edge
Edge
Published
Mar 17, 2017
Tracked Since
Feb 18, 2026