CVE-2012-2899

Опубликовано: 05 янв. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 21.0.1180.81 (включая)

cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*

cpe:2.3:h:apple:ipad2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-2899

ubuntu

около 12 лет назад

CVE-2012-2899

debian

около 12 лет назад

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls ...

GHSA-qgwf-3p7g-gqvp

github

больше 3 лет назад

EPSS

Процентиль: 31%

0.00117

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79