How severe is CVE-2017-8523?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2017-8523?

This is classified as CWE-346, which is a common weakness in software security.

CVE-2017-8523 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.

Related Vulnerabilities

CVE-2018-8112

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft ...

CWE-3462018

CVE-2018-8235

MEDIUM

CVSS:4.3(Medium)

CWE-3462018

CVE-2019-1413

MEDIUM

CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass ...

CWE-3462019

CVE-2020-12397

MEDIUM

CVSS:4.3(Medium)

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

CWE-3462020

CVE-2020-28481

MEDIUM

CVSS:4.3(Medium)

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CWE-3462020

CVE-2021-21183

MEDIUM

CVSS:4.3(Medium)

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-3462021