CVE-2016-7282

Description

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Microsoft Browser Information Disclosure Vulnerability.

Risk Information

Base Score

4.4

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:T/RC:C

EPSS Score

Exploitation Probability

5.197

Associated Vulnerability

Vulnerability	OS Platform
Microsft Browser Information Disclosure Vulnerability for Windows 10 for x64-based Systems (KB3205383) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3205401)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3205401)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 8.1 (KB3205401)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB3206632) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 (KB3206632) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3205386) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 10 Version 1511 (KB3205386) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3205394)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB3205394)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 7 (KB3205394)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3207752)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB3207752)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 7 (KB3207752)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3205400)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3205400)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 8.1 (KB3205400)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2012 (KB3205408)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Vista for x64-based Systems (KB3208481)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2008 for x64-based Systems (KB3208481)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Vista (KB3208481)	Windows
Microsft Browser Information Disclosure Vulnerability for Windows Server 2008 (KB3208481)	Windows
Microsft Browser Information Disclosure Vulnerability for Internet Explorer 9 for Windows Vista for x64-based Systems (KB3203621) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Internet Explorer 9 for Windows Server 2008 for x64-based Systems (KB3203621) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Internet Explorer 9 for Windows Vista (KB3203621) - Cumulative	Windows
Microsft Browser Information Disclosure Vulnerability for Windows 10 (KB3205383)	Windows
Microsft Browser Information Disclosure Vulnerability for Internet Explorer 9 for Windows Server 2008 (KB3203621)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-21828	Cumulative Update for Windows 10 for x64-based Systems (KB3205383)
PATCH-21851	December, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3205401)
PATCH-21850	December, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3205401)
PATCH-21849	December, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3205401)
PATCH-21832	Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3206632)
PATCH-21831	Cumulative Update for Windows 10 Version 1607 (KB3206632)
PATCH-21830	Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3205386)
PATCH-21829	Cumulative Update for Windows 10 Version 1511 (KB3205386)
PATCH-21840	December, 2016 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB3205394)
PATCH-21839	December, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3205394)
PATCH-21838	December, 2016 Security Only Quality Update for Windows 7 (KB3205394)
PATCH-21843	December, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3207752)
PATCH-21842	December, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3207752)
PATCH-21841	December, 2016 Security Monthly Quality Rollup for Windows 7 (KB3207752)
PATCH-21848	December, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3205400)
PATCH-21847	December, 2016 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB3205400)
PATCH-21846	December, 2016 Security Only Quality Update for Windows 8.1 (KB3205400)
PATCH-21844	December, 2016 Security Only Quality Update for Windows Server 2012 (KB3205408)
PATCH-21825	Security Update for Windows Vista for x64-based Systems (KB3208481)
PATCH-21826	Security Update for Windows Server 2008 for x64-based Systems (KB3208481)
PATCH-21823	Security Update for Windows Vista (KB3208481)
PATCH-21824	Security Update for Windows Server 2008 (KB3208481)
PATCH-21821	Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based Systems (KB3203621)
PATCH-21819	Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB3203621)
PATCH-21827	Cumulative Update for Windows 10 (KB3205383)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234