Summary
This host has Google Chrome installed and is prone to a Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct XSS attacks on the victim's system via an SVG document.
Impact Level: Application
Solution
Upgrade to Google Chrome version 3.0.195.21 or later: http://www.google.com/chrome
Insight
An error exists when the 'getSVGDocument' method omits an unspecified access check, which can be exploited by remote web servers to bypass the Same Origin Policy and conduct XSS attacks via unknown vectors.
Affected
Google Chrome versions prior to 3.0.195.21 on Windows.
References
Severity
Classification
- CVE: CVE-2009-3264
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N