Lucene search

K
nvd[email protected]NVD:CVE-2022-4908
HistoryJul 29, 2023 - 12:15 a.m.

CVE-2022-4908

2023-07-2900:15:10
web.nvd.nist.gov
12
cve-2022-4908
inappropriate implementation
iframe sandbox
google chrome
cross-origin data
crafted html
medium severity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.002

Percentile

56.5%

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Affected configurations

Nvd
Node
googlechromeRange<107.0.5304.62
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.002

Percentile

56.5%