Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-3881
HistoryOct 25, 2011 - 7:55 p.m.

CVE-2011-3881

2011-10-2519:55:01
CWE-79
[email protected]
web.nvd.nist.gov
26
cve
2011
3881
webkit
universal xss
chrome
android
same origin policy
domwindow::clear
xss attacks
htmlpluginimageelement
xsltprocessor
scriptcontroller.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an proto property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.

Affected configurations

NVD
Node
googlechromeRange<15.0.874.102
Node
googleandroidRange<4.4
Node
applesafariRange<5.1.4
OR
appleiphone_osRange<5.1

References

Related

debiancve 1
ubuntucve 1
nvd 1
prion 1
cvelist 1
openvas 14
nessus 9
threatpost 1
chrome 1
gentoo 1
securityvulns 2
freebsd 1
debiancve
debiancve
CVE-2011-3881
2011-10-25 19:55:00
ubuntucve
ubuntucve
CVE-2011-3881
2011-10-25 00:00:00
nvd
nvd
CVE-2011-3881
2011-10-25 19:55:01
prion
prion
Design/Logic Flaw
2011-10-25 19:55:00
cvelist
cvelist
CVE-2011-3881
2011-10-25 19:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities - October11 (Windows)
2011-10-28 00:00:00
Google Chrome Multiple Vulnerabilities (Oct 2011) - Windows
2011-10-28 00:00:00
Google Chrome multiple vulnerabilities - October11 (Linux)
2011-10-28 00:00:00
nessus
nessus
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
2011-10-26 00:00:00
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
2011-10-26 00:00:00
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
2011-10-26 00:00:00
threatpost
threatpost
Google Fixes 27 Bugs in Chrome 15
2011-10-25 17:51:34
chrome
chrome
Chrome Stable Release
2011-10-25 00:00:00
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2011-11-01 00:00:00
securityvulns
securityvulns
Apple WebKit &#40;iTunes, iPhone, Safari, Google Chrome&#41; multiple security vulnerabilities
2012-08-27 00:00:00
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
2012-03-09 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2010-10-19 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.7%

JSON
Related for CVE-2011-3881
debiancve1ubuntucve1nvd1prion1cvelist1openvas14nessus9threatpost1chrome1gentoo1securityvulns2freebsd1