Cross-Site Scripting Vulnerability in Microsoft Edge by Microsoft
CVE-2026-57977

7.1HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
3 July 2026

What is CVE-2026-57977?

A cross-site scripting vulnerability in Microsoft Edge (Chromium-based) stems from the improper handling of input during the generation of web pages. This flaw could potentially allow an unauthorized attacker to conduct spoofing attacks over a network, thereby compromising user trust and data integrity. The vulnerability highlights the importance of input sanitization to prevent malicious code injection that can lead to various security implications for users.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 150.0.4078.48

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.