Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4905Cross-site Scripting in Google Chrome

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 25.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Google Chrome
Timeline
PublishedSep 13
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome18.0.1025306

🔴Vulnerability Details

1
GHSA
GHSA-c5xh-6qp8-4792: Cross-site scripting (XSS) vulnerability in Google Chrome before 182022-05-17

💥Exploits & PoCs

1
Exploit-DB
Google Chrome for Android - com.android.browser.application_id Intent Extra Data Cross-Site Scripting2012-09-12
CVE-2012-4905 — Cross-site Scripting in Google Chrome | cvebase