Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.800561 |
Kategorie: | Web application abuses |
Titel: | Google Chrome Multiple XSS Vulnerabilities (May 09) |
Zusammenfassung: | The host is installed with Google Chrome and is prone to; multiple XSS vulnerabilities. |
Beschreibung: | Summary: The host is installed with Google Chrome and is prone to multiple XSS vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Error in chromeHTML URL protocol handler, that do not satisfy the IsWebSafeScheme restriction via a web page that sets document.location and also that are not constructed with sufficient escaping hence when invoked by Internet Explorer might open multiple tabs for unconstrained protocols such as javascript: or file:. - It may allow malicious URLs to bypass the same-origin policy and obtain sensitive information including authentication credentials. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes and XSS attack in the context of the web browser. Affected Software/OS: Google Chrome versions prior to 1.0.154.59. Solution: Upgrade to Google Chrome version 1.0.154.59. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N |
Querverweis: |
BugTraq ID: 34704 Common Vulnerability Exposure (CVE) ID: CVE-2009-1412 http://chromium.googlecode.com/issues/attachment?aid=5579180911289877192&name=Google+Chrome+Advisory.doc XForce ISS Database: googlechrome-chromehtml-command-execution(50449) https://exchange.xforce.ibmcloud.com/vulnerabilities/50449 Common Vulnerability Exposure (CVE) ID: CVE-2009-1340 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |