CVE-2012-5906

Morequick Greenbrowser - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.

References (6)

[Exploit] http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html

[Exploit] http://packetstormsecurity.org/files/111252/GreenBrowser-6.1.x-Cross-Site-Scripting.html

[Vendor Advisory] http://secunia.com/advisories/48559

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52767

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74474

[Third Party Advisory, VDB Entry] http://osvdb.org/80636

Scores

EPSS 0.0052

EPSS Percentile 66.3%

Details

CWE

CWE-79

Status published

Products (3)

morequick/greenbrowser

morequick/greenbrowser

n/a/n/a

Published Nov 17, 2012

Tracked Since Feb 18, 2026