Summary
This host is installed with Google Chrome and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to inject arbitrary web script or HTML on the victim's system.
Impact Level: Application
Solution
Upgrade to Google Chrom version 3.0.195.21 or later http://www.google.com/chrome
Insight
An XSS vulnerability exists when the application fails to handle 'RSS' and 'Atom' feed, related to the rendering of the application/rss+xml content type as 'scripted content.'.
Affected
Google Chrome version 2.x and 3.x before 3.0.195.21 on Windows.
References
- http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html
- http://secunia.com/advisories/36770
- http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/
- http://www.securityfocus.com/archive/1/archive/1/506517/100/0/threaded
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3263 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure