Lucene search

K

[email protected]NVD:CVE-2015-1261

HistoryMay 20, 2015 - 10:59 a.m.

CVE-2015-1261

2015-05-2010:59:13

CWE-20

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL’s fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

googlechromeRange≤42.0.2311.107android

References

googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

www.debian.org/security/2015/dsa-3267

www.securityfocus.com/bid/74723

www.securitytracker.com/id/1032375

code.google.com/p/chromium/issues/detail?id=466351

codereview.chromium.org/1011383005

codereview.chromium.org/1056743002

codereview.chromium.org/1077483002

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

Related for NVD:CVE-2015-1261

cve1 prion1 ubuntucve1 cvelist1 debiancve1 freebsd1 nessus4 securityvulns2 threatpost1 openvas2 debian2 redhat1 osv1 kaspersky1 chrome1