Microsoft Azure Stack Edge
cpe:2.3:a:microsoft:azure_stack_edge:*:*:*:*:*:*:*
A cross-site scripting vulnerability has been identified in Azure Stack Edge, specifically in the Local UI certificate management interface. This issue allows an authorized attacker to upload a malicious SSL/TLS certificate with JavaScript embedded in the X.509 Subject or Issuer fields. When an administrator views the certificate details, the embedded script executes in their browser, potentially leading to unauthorized administrative actions and access to sensitive configuration or cryptographic materials.
Exploitation of this vulnerability could allow an attacker to perform spoofing over the network, with the added risk of executing administrative actions and accessing confidential information within the Azure Stack Edge Local UI.
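The defensive pattern for this class of bug, as an added example that is not Microsoft's code or the actual fix: treat X.509 name fields as untrusted input, flag suspicious values at upload time, and HTML-encode every value when the details view is rendered. The object shape, function names and sample values are assumptions; the certificate is taken to be already parsed into attribute maps.

```javascript
// Added example: handle X.509 name fields as untrusted text.
// Function names, object shape and sample values are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Upload-time check: report Subject/Issuer attributes whose value carries
// angle brackets or control characters, which legitimate names rarely need.
function auditNameFields(cert) {
  const findings = [];
  for (const field of ['subject', 'issuer']) {
    for (const [attr, value] of Object.entries(cert[field] || {})) {
      if (/[<>]|[\u0000-\u001f\u007f]/.test(String(value))) {
        findings.push(`${field}.${attr}`);
      }
    }
  }
  return findings;
}

// Render-time defence: build the details table with every attribute name
// and value escaped, so a hostile name is shown as text, never parsed as HTML.
function renderCertificateDetails(cert) {
  const rows = [];
  for (const field of ['subject', 'issuer']) {
    for (const [attr, value] of Object.entries(cert[field] || {})) {
      rows.push(`<tr><th>${escapeHtml(field)} ${escapeHtml(attr)}</th>` +
                `<td>${escapeHtml(value)}</td></tr>`);
    }
  }
  return `<table>${rows.join('')}</table>`;
}

// Constructed sample: parsed name fields of an uploaded certificate.
const sampleCert = {
  subject: { CN: '<script>/* constructed marker */</script>', O: 'Example & Co' },
  issuer: { CN: 'Example Root CA' },
};

console.log(auditNameFields(sampleCert));
console.log(renderCertificateDetails(sampleCert));
```

The audit is a detection aid only; the encoding at render time is what keeps a hostile name from being parsed as markup, and it must be applied wherever these fields are displayed.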
Users can download the security update for Azure Stack Edge from the Microsoft Update Catalog. Instructions for applying the update are available in the Azure Stack Edge release notes.