Vulnerability Description
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Webkit | All versions |
| Chrome | <= 22.0.1229.96 | |
| Apple | Safari | 5.1.7 |
Related Weaknesses (CWE)
References
- http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-Exploit
- https://bugs.webkit.org/show_bug.cgi?id=92692Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80072
- http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-Exploit
- https://bugs.webkit.org/show_bug.cgi?id=92692Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80072
FAQ
What is CVE-2012-5851?
CVE-2012-5851 is a vulnerability with a CVSS score of 4.3 (MEDIUM). html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remot...
How severe is CVE-2012-5851?
CVE-2012-5851 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5851?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Webkit, Google Chrome, Apple Safari.