Lucene search

ChromeCVE-2014-1747

HistoryMay 21, 2014 - 11:14 a.m.

CVE-2014-1747

2014-05-2111:14:09

CWE-79

Chrome

web.nvd.nist.gov

cve-2014-1747

xss

vulnerability

documentloader

blink

google chrome

mhtml

universal xss

uxss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

4.7

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka “Universal XSS (UXSS).”

Affected configurations

Nvd

Node

googlechromeRange≤35.0.1916.113

googlechromeMatch35.0.1916.0

googlechromeMatch35.0.1916.1

googlechromeMatch35.0.1916.2

googlechromeMatch35.0.1916.3

googlechromeMatch35.0.1916.4

googlechromeMatch35.0.1916.5

googlechromeMatch35.0.1916.6

googlechromeMatch35.0.1916.7

googlechromeMatch35.0.1916.8

googlechromeMatch35.0.1916.9

googlechromeMatch35.0.1916.10

googlechromeMatch35.0.1916.11

googlechromeMatch35.0.1916.13

googlechromeMatch35.0.1916.14

googlechromeMatch35.0.1916.15

googlechromeMatch35.0.1916.17

googlechromeMatch35.0.1916.18

googlechromeMatch35.0.1916.19

googlechromeMatch35.0.1916.20

googlechromeMatch35.0.1916.21

googlechromeMatch35.0.1916.22

googlechromeMatch35.0.1916.23

googlechromeMatch35.0.1916.27

googlechromeMatch35.0.1916.31

googlechromeMatch35.0.1916.32

googlechromeMatch35.0.1916.33

googlechromeMatch35.0.1916.34

googlechromeMatch35.0.1916.35

googlechromeMatch35.0.1916.36

googlechromeMatch35.0.1916.37

googlechromeMatch35.0.1916.38

googlechromeMatch35.0.1916.39

googlechromeMatch35.0.1916.40

googlechromeMatch35.0.1916.41

googlechromeMatch35.0.1916.42

googlechromeMatch35.0.1916.43

googlechromeMatch35.0.1916.44

googlechromeMatch35.0.1916.45

googlechromeMatch35.0.1916.46

googlechromeMatch35.0.1916.47

googlechromeMatch35.0.1916.48

googlechromeMatch35.0.1916.49

googlechromeMatch35.0.1916.51

googlechromeMatch35.0.1916.52

googlechromeMatch35.0.1916.54

googlechromeMatch35.0.1916.56

googlechromeMatch35.0.1916.57

googlechromeMatch35.0.1916.59

googlechromeMatch35.0.1916.61

googlechromeMatch35.0.1916.68

googlechromeMatch35.0.1916.69

googlechromeMatch35.0.1916.71

googlechromeMatch35.0.1916.72

googlechromeMatch35.0.1916.74

googlechromeMatch35.0.1916.77

googlechromeMatch35.0.1916.80

googlechromeMatch35.0.1916.82

googlechromeMatch35.0.1916.84

googlechromeMatch35.0.1916.85

googlechromeMatch35.0.1916.86

googlechromeMatch35.0.1916.88

googlechromeMatch35.0.1916.90

googlechromeMatch35.0.1916.92

googlechromeMatch35.0.1916.93

googlechromeMatch35.0.1916.95

googlechromeMatch35.0.1916.96

googlechromeMatch35.0.1916.98

googlechromeMatch35.0.1916.99

googlechromeMatch35.0.1916.101

googlechromeMatch35.0.1916.103

googlechromeMatch35.0.1916.104

googlechromeMatch35.0.1916.105

googlechromeMatch35.0.1916.106

googlechromeMatch35.0.1916.107

googlechromeMatch35.0.1916.108

googlechromeMatch35.0.1916.109

googlechromeMatch35.0.1916.110

googlechromeMatch35.0.1916.111

googlechromeMatch35.0.1916.112

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome35.0.1916.0cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:*
googlechrome35.0.1916.1cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:*
googlechrome35.0.1916.2cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:*
googlechrome35.0.1916.3cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:*
googlechrome35.0.1916.4cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:*
googlechrome35.0.1916.5cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:*
googlechrome35.0.1916.6cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:*
googlechrome35.0.1916.7cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:*
googlechrome35.0.1916.8cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	35.0.1916.0	cpe:2.3:a:google:chrome:35.0.1916.0:::::::*
google	chrome	35.0.1916.1	cpe:2.3:a:google:chrome:35.0.1916.1:::::::*
google	chrome	35.0.1916.2	cpe:2.3:a:google:chrome:35.0.1916.2:::::::*
google	chrome	35.0.1916.3	cpe:2.3:a:google:chrome:35.0.1916.3:::::::*
google	chrome	35.0.1916.4	cpe:2.3:a:google:chrome:35.0.1916.4:::::::*
google	chrome	35.0.1916.5	cpe:2.3:a:google:chrome:35.0.1916.5:::::::*
google	chrome	35.0.1916.6	cpe:2.3:a:google:chrome:35.0.1916.6:::::::*
google	chrome	35.0.1916.7	cpe:2.3:a:google:chrome:35.0.1916.7:::::::*
google	chrome	35.0.1916.8	cpe:2.3:a:google:chrome:35.0.1916.8:::::::*