CVE-2015-6058

Name of the Vulnerable Software and Affected Versions Microsoft Edge (affected versions not specified)

Description The issue exists due to an error in the procedure for checking HTML attributes in Microsoft Edge, allowing a remote attacker to bypass the cross-site scripting protection mechanism. This bypass could enable initially disabled scripts to run in the wrong security context, leading to information disclosure. An attacker who successfully exploits this bypass could cause a script to run on another user's system in the guise of a third-party website, potentially taking any action on the user's system that the third-party website is permitted to take. The bypass can only be exploited if the user clicks a hypertext link, either in an HTML email or by visiting an attacker's website or a website containing content under the attacker's control.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.