exploitDog

CVE-2012-5851

Published: 15 Nov 2012
Source: nvd
CVSS2: 4.3
EPSS: Low

Description

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Versions up to and including 22.0.1229.96
cpe:2.3:a:google:chrome:22.0.1229.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.7:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.9:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.67:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.78:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.89:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.91:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.92:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.94:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:22.0.1229.95:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:apple:safari:5.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*

EPSS

Percentile: 56%
0.00344
Low

4.3 Medium

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

ubuntu
about 13 years ago

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

debian
about 13 years ago

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chr ...

github
more than 3 years ago

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
