Tushar Dalvi

1 exploit Active since Nov 2012
CVE-2012-5851 EXPLOITDB text WORKING POC
WebKit - Cross-Site Scripting Bypass via Reflected Data
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.