[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3264Date: (C)2009-09-18   (M)2023-12-22


The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-36416
SECUNIA-36770
OSVDB-58193
http://code.google.com/p/chromium/issues/detail?id=21338
http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html

CPE    41
cpe:/a:google:chrome:0.2.149.30
cpe:/a:google:chrome:1.0.154.39
cpe:/a:google:chrome:2.0.169.0
cpe:/a:google:chrome:1.0.154.59
...
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:36811
oval:org.secpod.oval:def:36810
oval:org.secpod.oval:def:33093
oval:org.secpod.oval:def:33092
...

© SecPod Technologies