PRIOn knowledge basePRION:CVE-2015-0072Cross site scripting
5.4 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.972 High
EPSS
Percentile
99.8%
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka “Universal XSS (UXSS).”
| CPE | Name | Operator | Version |
|---|---|---|---|
| internet_explorer | eq | 10 | |
| internet_explorer | eq | 11 | |
| internet_explorer | eq | 9 |
References
community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx
innerht.ml/blog/ie-uxss.html
packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html
seclists.org/fulldisclosure/2015/Feb/0
secunia.com/advisories/62658
www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html
www.securityfocus.com/archive/1/534662/100/0/threaded
www.securityfocus.com/bid/72489
www.securitytracker.com/id/1031888
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018
exchange.xforce.ibmcloud.com/vulnerabilities/100606
nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/
Related
5.4 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.972 High
EPSS
Percentile
99.8%