Cross-Site Scripting in Microsoft Edge by Microsoft
CVE-2026-58298

7.2HIGH

Key Information:

Vendor

Microsoft

Vendor
CVE Published:
3 July 2026

What is CVE-2026-58298?

A cross-site scripting vulnerability exists in Microsoft Edge (Chromium-based) due to improper handling of input during web page generation. An attacker can exploit this flaw to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft through spoofing attacks over the network. Users are encouraged to apply security updates to mitigate this risk.

Affected Version(s)

Microsoft Edge (Chromium-based) 1.0.0.0 < 150.0.4078.48

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.