Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42507
HistoryAug 06, 2023 - 11:23 p.m.

Improper Input Validation

2023-08-0623:23:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
vulnerability bypass navigation restrictions crafted html page

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.002

Percentile

56.0%

chromium is vulnerable to Improper Input Validation. The vulnerability exists due to inappropriate implementation in Autofill in Google Chrome which allows a remote attacker to bypass navigation restrictions via a crafted HTML page.

Affected configurations

Vulners
Node
-chromium\Matchsid88.0.4324.182-1
OR
-chromium\Matchsid83.0.4103.116-3.1
OR
-chromium\Matchbullseye83.0.4103.116-3.1
OR
-chromium\Matchsid88.0.4324.182-1
OR
-chromium\Matchsid83.0.4103.116-3.1
OR
-chromium\Matchbullseye83.0.4103.116-3.1
VendorProductVersionCPE
-chromium\sidcpe:2.3:a:-:chromium\:sid:88.0.4324.182-1:*:*:*:*:*:*:*
-chromium\sidcpe:2.3:a:-:chromium\:sid:83.0.4103.116-3.1:*:*:*:*:*:*:*
-chromium\bullseyecpe:2.3:a:-:chromium\:bullseye:83.0.4103.116-3.1:*:*:*:*:*:*:*

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.002

Percentile

56.0%