Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
| Vendor | Product | Versions |
|---|---|---|
| microsoft | edge_chromium | 1.0.0.0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | edge | cert_advisory | 90% |
Updated severity to CRITICAL and affected versions to include 149.0.4022.68, with no patch available.
Added a detailed description of the vulnerability and marked it as actively exploited with an exploit available.
Initial creation