Summary
This host is installed with Google Chrome and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct XSS attacks on the victim's system via SVG document.
Impact Level: Application
Solution
Upgrade to Google Chrom version 3.0.195.21 or later http://www.google.com/chrome
Insight
Error exists when 'getSVGDocument' method omits an unspecified access check which can be exploited by remote web servers to bypass the Same Origin Policy and conduct XSS attacks via unknown vectors.
Affected
Google Chrome version prior to 3.0.195.21 on Windows.
References
Severity
Classification
-
CVE CVE-2009-3264 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities