CVE-2023-21794

Опубликовано: 09 фев. 2023

Источник: msrc

CVSS3: 4.3

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Spoofing Vulnerability

FAQ

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?

The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
110.0.1587.41	2/9/2023	110.0.5481.78

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 47%

0.00244

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-21794

CVSS3: 4.3

nvd

почти 3 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

GHSA-wghg-w3ff-3454

CVSS3: 4.3

github

почти 3 года назад

Microsoft Edge (Chromium-based) Spoofing Vulnerability

BDU:2023-00867

CVSS3: 4.3

fstec

почти 3 года назад

Уязвимость браузеров Microsoft Edge, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 47%

0.00244

Низкий

4.3 Medium

CVSS3