cbcvebase.
CVE-2020-6470
published 2020-05-21

CVE-2020-6470: Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.

Affected

14 ranges
VendorProductVersion rangeFixed in
chromiumchromium>= 0 < 83.0.4103.83-183.0.4103.83-1
chromiumchromium>= 0 < 83.0.4103.83-183.0.4103.83-1
chromiumchromium>= 0 < 83.0.4103.83-183.0.4103.83-1
chromiumchromium>= 0 < 83.0.4103.83-183.0.4103.83-1
debianchromium< chromium 83.0.4103.83-1 (bookworm)chromium 83.0.4103.83-1 (bookworm)
debiandebian_linux
debiandebian_linux
fedoraprojectfedora
fedoraprojectfedora
googlechrome< 83.0.4103.6183.0.4103.61
googlechrome>= unspecified < 83.0.4103.6183.0.4103.61
googlechrome_chrome
opensusebackports_sle
opensuseleap

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM