[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1716Date: (C)2014-04-11   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
DSA-2905
GLSA-201408-16
IAVM:2014-B-0039
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
https://code.google.com/p/chromium/issues/detail?id=354123
https://code.google.com/p/v8/source/detail?r=20138
openSUSE-SU-2014:0601

CPE    5
cpe:/o:novell:opensuse:13.1
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:novell:opensuse:12.3
...
CWE    1
CWE-94
OVAL    9
oval:org.secpod.oval:def:17564
oval:org.secpod.oval:def:17549
oval:org.secpod.oval:def:17405
oval:org.secpod.oval:def:601266
...

© SecPod Technologies