Test Kennung:	1.3.6.1.4.1.25623.1.0.800561
Kategorie:	Web application abuses
Titel:	Google Chrome Multiple XSS Vulnerabilities (May 09)
Zusammenfassung:	The host is installed with Google Chrome and is prone to; multiple XSS vulnerabilities.
Beschreibung:	Summary: The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in chromeHTML URL protocol handler, that do not satisfy the IsWebSafeScheme restriction via a web page that sets document.location and also that are not constructed with sufficient escaping hence when invoked by Internet Explorer might open multiple tabs for unconstrained protocols such as javascript: or file:. - It may allow malicious URLs to bypass the same-origin policy and obtain sensitive information including authentication credentials. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes and XSS attack in the context of the web browser. Affected Software/OS: Google Chrome versions prior to 1.0.154.59. Solution: Upgrade to Google Chrome version 1.0.154.59. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Querverweis:	BugTraq ID: 34704 Common Vulnerability Exposure (CVE) ID: CVE-2009-1412 http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc XForce ISS Database: googlechrome-chromehtml-command-execution(50449) https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 Common Vulnerability Exposure (CVE) ID: CVE-2009-1340
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.