Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-0072

Published: 07/02/2015 Updated: 12/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Internet Explorer

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote malicious users to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 9

microsoft internet explorer 10

microsoft internet explorer 11

Exploits

Exploit DB: Microsoft Internet Explorer Universal XSS Proof Of Concept
Proof of concept demonstration code for the universal cross site scripting vulnerability that affects Microsoft Internet Explorer as defined in CVE-2015-0072 ...

Github Repositories

https://github.com/dbellavista/uxss-poc

Universal xss PoC with multiple target sites (CVE-2015-0072)

Universal Cross Site Scripting PoC This is a PoC for CVE-2015-0072 for sequentialy get the targeted websites cookies Disclaimer This Proof of Concept is for educational purpose only Please do not use it against any system without prior permission You are responsible for yourself for what you do with this code Improvement In order for the exploit to work, the javascript inje

References

CWE-79http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.htmlhttps://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspxhttp://seclists.org/fulldisclosure/2015/Feb/0http://innerht.ml/blog/ie-uxss.htmlhttp://www.securityfocus.com/bid/72489http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.htmlhttp://secunia.com/advisories/62658http://www.securitytracker.com/id/1031888https://exchange.xforce.ibmcloud.com/vulnerabilities/100606http://www.securityfocus.com/archive/1/534662/100/0/threadedhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018https://nvd.nist.govhttps://github.com/dbellavista/uxss-pochttps://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook