CVE-2012-5851

Apple Webkit < 22.0.1229.96 - XSS

Title source: rule

Description

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tushar Dalvi · textwebappsphp

https://www.exploit-db.com/exploits/38024

View Code ZIP pw:eip

References (3)

[Exploit] http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html

[Exploit] https://bugs.webkit.org/show_bug.cgi?id=92692

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80072

Scores

EPSS 0.0034

EPSS Percentile 56.7%

Details

CWE

CWE-79

Status published

Products (50)

apple/webkit

google/chrome < 22.0.1229.96

google/chrome

google/chrome

google/chrome

google/chrome

google/chrome

google/chrome

google/chrome

google/chrome

... and 40 more

Published Nov 15, 2012

Tracked Since Feb 18, 2026