CVE-2010-1236
PUBLISHED
CVSS 4.3 MEDIUM
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
EPSS 0.62% · 70.3th percentile
Risk Scores
CVSS v2.0
4.3
EPSS Score
0.62%
70.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| flock | flock | 3.0.0.4094 |
| n/a | n/a | * |
| google | chrome | 0.1.38.2, 0.1.42.2, 0.1.42.3 |
Timeline
- Apr 1, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
References
- 43068 third-party-advisory
- http://src.chromium.org/viewvc/chrome?view=rev&revision=41244 url
- ADV-2011-0212 vdb
- oval:org.mitre.oval:def:14067 vdb
- http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html url
- https://bugs.webkit.org/show_bug.cgi?id=35948 url
- SUSE-SR:2011:002 vendor-advisory
- http://flock.com/security/ url
- http://code.google.com/p/chromium/issues/detail?id=37383 url
- http://codereview.chromium.org/858001 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-1236 advisory
- http://flock.com/security url