Summary
Google Chrome is installed on the host and is prone to multiple XSS vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code and conduct XSS attacks in the context of the web browser.
Solution
Upgrade to Google Chrome version 1.0.154.59.
http://www.google.com/chrome
Insight
- An error in the chromeHTML URL protocol handler concerns URLs that do not satisfy the IsWebSafeScheme restriction, supplied via a web page that sets document.location, and that are not constructed with sufficient escaping. When invoked by Internet Explorer, the handler might therefore open multiple tabs for unconstrained protocols such as javascript: or file:.
- It may allow malicious URLs to bypass the same-origin policy and obtain sensitive information including authentication credentials.
Affected
Google Chrome versions prior to 1.0.154.59.
References
Severity
Classification
- CVE: CVE-2009-1340, CVE-2009-1412
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N