{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-00007be2b22f","releaseDate":"2021-05-11T07:00:00Z","cveNumber":"CVE-2021-31936","cveTitle":"Microsoft Accessibility Insights for Web Information Disclosure Vulnerability","releaseNumber":"2021-May","vulnType":"Security Vulnerability","latestRevisionDate":"2023-10-17T07:00:00Z","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2021-31936","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-31936","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"Microsoft Accessibility Insights for Web","issuingCna":"Microsoft","issuingCnaId":0,"severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"7.4","temporalScore":"6.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":0,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What type of information could be disclosed by this vulnerability?</strong></p>\n<p>This vulnerability could disclose web content from cross-origin frames.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p>\n<p>A user would have to visit a web page with malicious javascript and run an extension scan on the web page.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>The vulnerability is in the Accessibility Insight for Web browser extension, but the impact is on the application running on the browser.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-31936","version":1,"revisionDate":"2021-05-11T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"49c880c5-3bac-eb11-a837-000d3a6d35d9"},{"cveNumber":"CVE-2021-31936","version":1.1,"revisionDate":"2021-05-25T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added acknowledgements. This is an informational change only.</p>\n","unformattedDescription":"Added acknowledgements. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"274714b1-a8bd-eb11-a838-000d3a6d35d9"},{"cveNumber":"CVE-2021-31936","version":1.2,"revisionDate":"2023-10-17T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Added an FAQ. This is an information change only.</p>\n","unformattedDescription":"Added an FAQ. This is an information change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"9893b747-216d-ee11-9363-000d3afbc7d7"}]}