CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score
Confidence: High

EPSS
Percentile: 70.8%

The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive information via unspecified vectors.

Vendor | Product | Version | CPE |
---|---|---|---|
google | chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.0 | cpe:2.3:a:google:chrome:33.0.1750.0:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.1 | cpe:2.3:a:google:chrome:33.0.1750.1:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.2 | cpe:2.3:a:google:chrome:33.0.1750.2:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.3 | cpe:2.3:a:google:chrome:33.0.1750.3:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.4 | cpe:2.3:a:google:chrome:33.0.1750.4:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.5 | cpe:2.3:a:google:chrome:33.0.1750.5:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.6 | cpe:2.3:a:google:chrome:33.0.1750.6:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.7 | cpe:2.3:a:google:chrome:33.0.1750.7:*:*:*:*:*:*:* |
google | chrome | 33.0.1750.8 | cpe:2.3:a:google:chrome:33.0.1750.8:*:*:*:*:*:*:* |