Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5851. PoCs published by Tushar Dalvi.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in WebKit by bypassing the XSS filter mechanism. The provided test.jsp code and URI example show how an attacker can inject arbitrary JavaScript code to steal cookie-based authentication credentials.
Description
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in WebKit by bypassing the XSS filter mechanism. The provided test.jsp code and URI example show how an attacker can inject arbitrary JavaScript code to steal cookie-based authentication credentials.