Lucene search

MitreCVE-2013-6656

HistoryFeb 24, 2014 - 4:48 a.m.

CVE-2013-6656

2014-02-2404:48:10

CWE-200

mitre

web.nvd.nist.gov

xss

blink

google chrome

cve-2013-6656

security vulnerability

information disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

70.8%

JSON

The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected configurations

Nvd

Node

googlechromeRange≤33.0.1750.116

googlechromeMatch33.0.1750.0

googlechromeMatch33.0.1750.1

googlechromeMatch33.0.1750.2

googlechromeMatch33.0.1750.3

googlechromeMatch33.0.1750.4

googlechromeMatch33.0.1750.5

googlechromeMatch33.0.1750.6

googlechromeMatch33.0.1750.7

googlechromeMatch33.0.1750.8

googlechromeMatch33.0.1750.9

googlechromeMatch33.0.1750.10

googlechromeMatch33.0.1750.11

googlechromeMatch33.0.1750.12

googlechromeMatch33.0.1750.13

googlechromeMatch33.0.1750.14

googlechromeMatch33.0.1750.15

googlechromeMatch33.0.1750.16

googlechromeMatch33.0.1750.18

googlechromeMatch33.0.1750.19

googlechromeMatch33.0.1750.20

googlechromeMatch33.0.1750.21

googlechromeMatch33.0.1750.22

googlechromeMatch33.0.1750.23

googlechromeMatch33.0.1750.24

googlechromeMatch33.0.1750.25

googlechromeMatch33.0.1750.26

googlechromeMatch33.0.1750.27

googlechromeMatch33.0.1750.28

googlechromeMatch33.0.1750.29

googlechromeMatch33.0.1750.30

googlechromeMatch33.0.1750.31

googlechromeMatch33.0.1750.34

googlechromeMatch33.0.1750.35

googlechromeMatch33.0.1750.36

googlechromeMatch33.0.1750.37

googlechromeMatch33.0.1750.38

googlechromeMatch33.0.1750.39

googlechromeMatch33.0.1750.40

googlechromeMatch33.0.1750.41

googlechromeMatch33.0.1750.42

googlechromeMatch33.0.1750.43

googlechromeMatch33.0.1750.44

googlechromeMatch33.0.1750.45

googlechromeMatch33.0.1750.46

googlechromeMatch33.0.1750.47

googlechromeMatch33.0.1750.48

googlechromeMatch33.0.1750.49

googlechromeMatch33.0.1750.50

googlechromeMatch33.0.1750.51

googlechromeMatch33.0.1750.52

googlechromeMatch33.0.1750.53

googlechromeMatch33.0.1750.54

googlechromeMatch33.0.1750.55

googlechromeMatch33.0.1750.56

googlechromeMatch33.0.1750.57

googlechromeMatch33.0.1750.58

googlechromeMatch33.0.1750.59

googlechromeMatch33.0.1750.60

googlechromeMatch33.0.1750.61

googlechromeMatch33.0.1750.62

googlechromeMatch33.0.1750.63

googlechromeMatch33.0.1750.64

googlechromeMatch33.0.1750.65

googlechromeMatch33.0.1750.66

googlechromeMatch33.0.1750.67

googlechromeMatch33.0.1750.68

googlechromeMatch33.0.1750.69

googlechromeMatch33.0.1750.70

googlechromeMatch33.0.1750.71

googlechromeMatch33.0.1750.73

googlechromeMatch33.0.1750.74

googlechromeMatch33.0.1750.75

googlechromeMatch33.0.1750.76

googlechromeMatch33.0.1750.77

googlechromeMatch33.0.1750.79

googlechromeMatch33.0.1750.80

googlechromeMatch33.0.1750.81

googlechromeMatch33.0.1750.82

googlechromeMatch33.0.1750.83

googlechromeMatch33.0.1750.85

googlechromeMatch33.0.1750.88

googlechromeMatch33.0.1750.89

googlechromeMatch33.0.1750.90

googlechromeMatch33.0.1750.91

googlechromeMatch33.0.1750.92

googlechromeMatch33.0.1750.93

googlechromeMatch33.0.1750.104

googlechromeMatch33.0.1750.106

googlechromeMatch33.0.1750.107

googlechromeMatch33.0.1750.108

googlechromeMatch33.0.1750.109

googlechromeMatch33.0.1750.110

googlechromeMatch33.0.1750.111

googlechromeMatch33.0.1750.112

googlechromeMatch33.0.1750.113

googlechromeMatch33.0.1750.115

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome33.0.1750.0cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:*
googlechrome33.0.1750.1cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:*
googlechrome33.0.1750.2cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:*
googlechrome33.0.1750.3cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:*
googlechrome33.0.1750.4cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:*
googlechrome33.0.1750.5cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:*
googlechrome33.0.1750.6cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:*
googlechrome33.0.1750.7cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:*
googlechrome33.0.1750.8cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	33.0.1750.0	cpe:2.3:a:google:chrome:33.0.1750.0:::::::*
google	chrome	33.0.1750.1	cpe:2.3:a:google:chrome:33.0.1750.1:::::::*
google	chrome	33.0.1750.2	cpe:2.3:a:google:chrome:33.0.1750.2:::::::*
google	chrome	33.0.1750.3	cpe:2.3:a:google:chrome:33.0.1750.3:::::::*
google	chrome	33.0.1750.4	cpe:2.3:a:google:chrome:33.0.1750.4:::::::*
google	chrome	33.0.1750.5	cpe:2.3:a:google:chrome:33.0.1750.5:::::::*
google	chrome	33.0.1750.6	cpe:2.3:a:google:chrome:33.0.1750.6:::::::*
google	chrome	33.0.1750.7	cpe:2.3:a:google:chrome:33.0.1750.7:::::::*
google	chrome	33.0.1750.8	cpe:2.3:a:google:chrome:33.0.1750.8:::::::*