Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-1236

Опубликовано: 01 апр. 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Версия до 4.1.249.1035 (включая)
cpe:2.3:a:google:chrome:0.1.38.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.1.38.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.1.38.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.1.40.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.1.42.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:0.1.42.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:1.0.154.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.169.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.169.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.170.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:2.0.172.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.182.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.190.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:3.0.195.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.212.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.212.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.221.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.222.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.222.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.222.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.222.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.223.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.224.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.229.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.235.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.236.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.237.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.237.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.239.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.240.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.241.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.242.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.243.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.244.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.245.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.245.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.246.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.247.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.248.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.40:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.66:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.67:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.68:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.69:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.70:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.71:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.72:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.73:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.74:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.75:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.77:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.78:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.78:beta:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.80:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.81:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.82:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.249.89:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.250.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.250.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.251.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.252.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.254.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.255.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.256.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.257.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.258.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.259.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.260.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.261.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.262.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.263.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.264.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.265.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.266.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.267.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.268.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.269.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.271.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.272.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.275.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.275.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.276.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.277.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.278.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.286.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.287.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.288.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.288.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.289.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.290.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.292.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.294.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.295.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.296.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.299.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.300.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.301.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.302.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.302.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.302.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.302.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.303.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.304.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.0.305.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1001:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1004:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1006:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1007:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1008:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1009:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1010:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1011:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1012:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1013:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1014:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1015:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1016:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1017:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1018:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1019:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1020:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1021:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1022:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1023:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1024:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1025:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1026:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1027:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1028:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1029:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1030:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1031:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1032:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1033:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:4.1.249.1034:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:flock:flock:3.0.0.4094:*:*:*:*:*:*:*

EPSS

Процентиль: 69%
0.00617
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2010-1236

ubuntu
почти 16 лет назад

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

debian логотип

CVE-2010-1236

debian
почти 16 лет назад

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKi ...

github логотип

GHSA-qp79-v7x7-fmwp

github
почти 4 года назад

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

EPSS

Процентиль: 69%
0.00617
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79
Уязвимость CVE-2010-1236