8.4
CVE-2026-41098
- EPSS 0.81%
- Veröffentlicht 09.06.2026 17:17:06
- Zuletzt bearbeitet 09.06.2026 19:32:51
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Azure Stack Edge Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMicrosoft
≫
Produkt
Azure Stack Edge
Version
2.2.0
Version <
3.3.2604.3097
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.522 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 8.4 | 1.7 | 6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41098