CVE-2017-8523
MEDIUMMicrosoft Edge - Security Feature Bypass via Same Origin Policy Misapplication
Title source: llmDescription
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98928
Scores
CVSS v3
4.3
EPSS
0.0102
EPSS Percentile
77.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-346
Status
published
Products (2)
microsoft/edge
Microsoft Corporation/Microsoft Edge
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.
Published
Jun 15, 2017
Tracked Since
Feb 18, 2026