Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2010-1236
HistoryApr 01, 2010 - 10:30 p.m.

CVE-2010-1236

2010-04-0122:30:00
CWE-79
[email protected]
web.nvd.nist.gov
4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

Affected configurations

Nvd
Node
googlechromeRange4.1.249.1035
OR
googlechromeMatch0.1.38.1
OR
googlechromeMatch0.1.38.2
OR
googlechromeMatch0.1.38.4
OR
googlechromeMatch0.1.40.1
OR
googlechromeMatch0.1.42.2
OR
googlechromeMatch0.1.42.3
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch1.0.154.64
OR
googlechromeMatch1.0.154.65
OR
googlechromeMatch2.0.169.0
OR
googlechromeMatch2.0.169.1
OR
googlechromeMatch2.0.170.0
OR
googlechromeMatch2.0.172.2
OR
googlechromeMatch2.0.172.8
OR
googlechromeMatch2.0.172.27
OR
googlechromeMatch2.0.172.28
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.33
OR
googlechromeMatch2.0.172.37
OR
googlechromeMatch2.0.172.38
OR
googlechromeMatch3.0.182.2
OR
googlechromeMatch3.0.190.2
OR
googlechromeMatch3.0.195.25
OR
googlechromeMatch3.0.195.27
OR
googlechromeMatch3.0.195.33
OR
googlechromeMatch3.0.195.36
OR
googlechromeMatch3.0.195.37
OR
googlechromeMatch3.0.195.38
OR
googlechromeMatch4.0.212.0
OR
googlechromeMatch4.0.212.1
OR
googlechromeMatch4.0.221.8
OR
googlechromeMatch4.0.222.0
OR
googlechromeMatch4.0.222.1
OR
googlechromeMatch4.0.222.5
OR
googlechromeMatch4.0.222.12
OR
googlechromeMatch4.0.223.0
OR
googlechromeMatch4.0.223.1
OR
googlechromeMatch4.0.223.2
OR
googlechromeMatch4.0.223.4
OR
googlechromeMatch4.0.223.5
OR
googlechromeMatch4.0.223.7
OR
googlechromeMatch4.0.223.8
OR
googlechromeMatch4.0.223.9
OR
googlechromeMatch4.0.224.0
OR
googlechromeMatch4.0.229.1
OR
googlechromeMatch4.0.235.0
OR
googlechromeMatch4.0.236.0
OR
googlechromeMatch4.0.237.0
OR
googlechromeMatch4.0.237.1
OR
googlechromeMatch4.0.239.0
OR
googlechromeMatch4.0.240.0
OR
googlechromeMatch4.0.241.0
OR
googlechromeMatch4.0.242.0
OR
googlechromeMatch4.0.243.0
OR
googlechromeMatch4.0.244.0
OR
googlechromeMatch4.0.245.0
OR
googlechromeMatch4.0.245.1
OR
googlechromeMatch4.0.246.0
OR
googlechromeMatch4.0.247.0
OR
googlechromeMatch4.0.248.0
OR
googlechromeMatch4.0.249.0
OR
googlechromeMatch4.0.249.1
OR
googlechromeMatch4.0.249.2
OR
googlechromeMatch4.0.249.3
OR
googlechromeMatch4.0.249.4
OR
googlechromeMatch4.0.249.5
OR
googlechromeMatch4.0.249.6
OR
googlechromeMatch4.0.249.7
OR
googlechromeMatch4.0.249.8
OR
googlechromeMatch4.0.249.9
OR
googlechromeMatch4.0.249.10
OR
googlechromeMatch4.0.249.11
OR
googlechromeMatch4.0.249.12
OR
googlechromeMatch4.0.249.14
OR
googlechromeMatch4.0.249.16
OR
googlechromeMatch4.0.249.17
OR
googlechromeMatch4.0.249.18
OR
googlechromeMatch4.0.249.19
OR
googlechromeMatch4.0.249.20
OR
googlechromeMatch4.0.249.21
OR
googlechromeMatch4.0.249.22
OR
googlechromeMatch4.0.249.23
OR
googlechromeMatch4.0.249.24
OR
googlechromeMatch4.0.249.25
OR
googlechromeMatch4.0.249.26
OR
googlechromeMatch4.0.249.27
OR
googlechromeMatch4.0.249.28
OR
googlechromeMatch4.0.249.29
OR
googlechromeMatch4.0.249.30
OR
googlechromeMatch4.0.249.31
OR
googlechromeMatch4.0.249.32
OR
googlechromeMatch4.0.249.33
OR
googlechromeMatch4.0.249.34
OR
googlechromeMatch4.0.249.35
OR
googlechromeMatch4.0.249.36
OR
googlechromeMatch4.0.249.37
OR
googlechromeMatch4.0.249.38
OR
googlechromeMatch4.0.249.39
OR
googlechromeMatch4.0.249.40
OR
googlechromeMatch4.0.249.41
OR
googlechromeMatch4.0.249.42
OR
googlechromeMatch4.0.249.43
OR
googlechromeMatch4.0.249.44
OR
googlechromeMatch4.0.249.45
OR
googlechromeMatch4.0.249.46
OR
googlechromeMatch4.0.249.47
OR
googlechromeMatch4.0.249.48
OR
googlechromeMatch4.0.249.49
OR
googlechromeMatch4.0.249.50
OR
googlechromeMatch4.0.249.51
OR
googlechromeMatch4.0.249.52
OR
googlechromeMatch4.0.249.53
OR
googlechromeMatch4.0.249.54
OR
googlechromeMatch4.0.249.55
OR
googlechromeMatch4.0.249.56
OR
googlechromeMatch4.0.249.57
OR
googlechromeMatch4.0.249.58
OR
googlechromeMatch4.0.249.59
OR
googlechromeMatch4.0.249.60
OR
googlechromeMatch4.0.249.61
OR
googlechromeMatch4.0.249.62
OR
googlechromeMatch4.0.249.63
OR
googlechromeMatch4.0.249.64
OR
googlechromeMatch4.0.249.65
OR
googlechromeMatch4.0.249.66
OR
googlechromeMatch4.0.249.67
OR
googlechromeMatch4.0.249.68
OR
googlechromeMatch4.0.249.69
OR
googlechromeMatch4.0.249.70
OR
googlechromeMatch4.0.249.71
OR
googlechromeMatch4.0.249.72
OR
googlechromeMatch4.0.249.73
OR
googlechromeMatch4.0.249.74
OR
googlechromeMatch4.0.249.75
OR
googlechromeMatch4.0.249.76
OR
googlechromeMatch4.0.249.77
OR
googlechromeMatch4.0.249.78
OR
googlechromeMatch4.0.249.78beta
OR
googlechromeMatch4.0.249.79
OR
googlechromeMatch4.0.249.80
OR
googlechromeMatch4.0.249.81
OR
googlechromeMatch4.0.249.82
OR
googlechromeMatch4.0.249.89
OR
googlechromeMatch4.0.250.0
OR
googlechromeMatch4.0.250.2
OR
googlechromeMatch4.0.251.0
OR
googlechromeMatch4.0.252.0
OR
googlechromeMatch4.0.254.0
OR
googlechromeMatch4.0.255.0
OR
googlechromeMatch4.0.256.0
OR
googlechromeMatch4.0.257.0
OR
googlechromeMatch4.0.258.0
OR
googlechromeMatch4.0.259.0
OR
googlechromeMatch4.0.260.0
OR
googlechromeMatch4.0.261.0
OR
googlechromeMatch4.0.262.0
OR
googlechromeMatch4.0.263.0
OR
googlechromeMatch4.0.264.0
OR
googlechromeMatch4.0.265.0
OR
googlechromeMatch4.0.266.0
OR
googlechromeMatch4.0.267.0
OR
googlechromeMatch4.0.268.0
OR
googlechromeMatch4.0.269.0
OR
googlechromeMatch4.0.271.0
OR
googlechromeMatch4.0.272.0
OR
googlechromeMatch4.0.275.0
OR
googlechromeMatch4.0.275.1
OR
googlechromeMatch4.0.276.0
OR
googlechromeMatch4.0.277.0
OR
googlechromeMatch4.0.278.0
OR
googlechromeMatch4.0.286.0
OR
googlechromeMatch4.0.287.0
OR
googlechromeMatch4.0.288.0
OR
googlechromeMatch4.0.288.1
OR
googlechromeMatch4.0.289.0
OR
googlechromeMatch4.0.290.0
OR
googlechromeMatch4.0.292.0
OR
googlechromeMatch4.0.294.0
OR
googlechromeMatch4.0.295.0
OR
googlechromeMatch4.0.296.0
OR
googlechromeMatch4.0.299.0
OR
googlechromeMatch4.0.300.0
OR
googlechromeMatch4.0.301.0
OR
googlechromeMatch4.0.302.0
OR
googlechromeMatch4.0.302.1
OR
googlechromeMatch4.0.302.2
OR
googlechromeMatch4.0.302.3
OR
googlechromeMatch4.0.303.0
OR
googlechromeMatch4.0.304.0
OR
googlechromeMatch4.0.305.0
OR
googlechromeMatch4.1.249.0
OR
googlechromeMatch4.1.249.1001
OR
googlechromeMatch4.1.249.1004
OR
googlechromeMatch4.1.249.1006
OR
googlechromeMatch4.1.249.1007
OR
googlechromeMatch4.1.249.1008
OR
googlechromeMatch4.1.249.1009
OR
googlechromeMatch4.1.249.1010
OR
googlechromeMatch4.1.249.1011
OR
googlechromeMatch4.1.249.1012
OR
googlechromeMatch4.1.249.1013
OR
googlechromeMatch4.1.249.1014
OR
googlechromeMatch4.1.249.1015
OR
googlechromeMatch4.1.249.1016
OR
googlechromeMatch4.1.249.1017
OR
googlechromeMatch4.1.249.1018
OR
googlechromeMatch4.1.249.1019
OR
googlechromeMatch4.1.249.1020
OR
googlechromeMatch4.1.249.1021
OR
googlechromeMatch4.1.249.1022
OR
googlechromeMatch4.1.249.1023
OR
googlechromeMatch4.1.249.1024
OR
googlechromeMatch4.1.249.1025
OR
googlechromeMatch4.1.249.1026
OR
googlechromeMatch4.1.249.1027
OR
googlechromeMatch4.1.249.1028
OR
googlechromeMatch4.1.249.1029
OR
googlechromeMatch4.1.249.1030
OR
googlechromeMatch4.1.249.1031
OR
googlechromeMatch4.1.249.1032
OR
googlechromeMatch4.1.249.1033
OR
googlechromeMatch4.1.249.1034
Node
flockflockMatch3.0.0.4094
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome0.1.38.1cpe:2.3:a:google:chrome:0.1.38.1:*:*:*:*:*:*:*
googlechrome0.1.38.2cpe:2.3:a:google:chrome:0.1.38.2:*:*:*:*:*:*:*
googlechrome0.1.38.4cpe:2.3:a:google:chrome:0.1.38.4:*:*:*:*:*:*:*
googlechrome0.1.40.1cpe:2.3:a:google:chrome:0.1.40.1:*:*:*:*:*:*:*
googlechrome0.1.42.2cpe:2.3:a:google:chrome:0.1.42.2:*:*:*:*:*:*:*
googlechrome0.1.42.3cpe:2.3:a:google:chrome:0.1.42.3:*:*:*:*:*:*:*
googlechrome1.0.154.53cpe:2.3:a:google:chrome:1.0.154.53:*:*:*:*:*:*:*
googlechrome1.0.154.59cpe:2.3:a:google:chrome:1.0.154.59:*:*:*:*:*:*:*
googlechrome1.0.154.64cpe:2.3:a:google:chrome:1.0.154.64:*:*:*:*:*:*:*
Rows per page:
1-10 of 2251

Related

cvelist 1
ubuntucve 1
debiancve 1
securityvulns 2
cve 1
prion 1
nessus 3
openvas 2
cvelist
cvelist
CVE-2010-1236
2010-04-01 22:00:00
ubuntucve
ubuntucve
CVE-2010-1236
2010-04-01 00:00:00
debiancve
debiancve
CVE-2010-1236
2010-04-01 22:30:00
securityvulns
securityvulns
[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
2010-09-17 00:00:00
Flock browser crossite scripting
2010-09-17 00:00:00
cve
cve
CVE-2010-1236
2010-04-01 22:30:00
prion
prion
Cross site scripting
2010-04-01 22:30:00
nessus
nessus
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
2010-03-18 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2011-05-05 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
2014-06-13 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities (win)
2010-04-13 00:00:00
Google Chrome Multiple Vulnerabilities (win)
2010-04-13 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

76.2%

JSON
Related for NVD:CVE-2010-1236
cvelist1ubuntucve1debiancve1securityvulns2cve1prion1nessus3openvas2