Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5851Cross-site Scripting in Google Chrome

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 42.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google ChromeApple Safari
Timeline
PublishedNov 15
Latest updateMay 17

Description

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome22.0.1229.96+59
NVDapple/safari5.1.7

🔴Vulnerability Details

2
GHSA
GHSA-xqrw-qq76-h9pm: html/parser/XSSAuditor2022-05-17
OSV
CVE-2012-5851: html/parser/XSSAuditor2012-11-15

💥Exploits & PoCs

1
Exploit-DB
WebKit Cross-Site Scripting Filter - 'Cross-Site ScriptingAuditor.cpp' Security Bypass2012-07-19