mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
118 lines
4.3 KiB
JSON
118 lines
4.3 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2015-0072",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka \"Universal XSS (UXSS).\""
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20150209 Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://www.securityfocus.com/archive/1/534662/100/0/threaded"
|
|
},
|
|
{
|
|
"name" : "20150131 Major Internet Explorer Vulnerability - NOT Patched",
|
|
"refsource" : "FULLDISC",
|
|
"url" : "http://seclists.org/fulldisclosure/2015/Feb/0"
|
|
},
|
|
{
|
|
"name" : "http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx",
|
|
"refsource" : "MISC",
|
|
"url" : "http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx"
|
|
},
|
|
{
|
|
"name" : "http://innerht.ml/blog/ie-uxss.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://innerht.ml/blog/ie-uxss.html"
|
|
},
|
|
{
|
|
"name" : "http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html"
|
|
},
|
|
{
|
|
"name" : "http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html"
|
|
},
|
|
{
|
|
"name" : "https://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/"
|
|
},
|
|
{
|
|
"name" : "MS15-018",
|
|
"refsource" : "MS",
|
|
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018"
|
|
},
|
|
{
|
|
"name" : "72489",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/72489"
|
|
},
|
|
{
|
|
"name" : "1031888",
|
|
"refsource" : "SECTRACK",
|
|
"url" : "http://www.securitytracker.com/id/1031888"
|
|
},
|
|
{
|
|
"name" : "62658",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/62658"
|
|
},
|
|
{
|
|
"name" : "ms-ie-cve20150072-xss(100606)",
|
|
"refsource" : "XF",
|
|
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100606"
|
|
}
|
|
]
|
|
}
|
|
}
|