Vulnerability Details : CVE-2013-2849
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2013-2849
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.87:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.78:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.70:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.81:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.73:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.65:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.83:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.76:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.75:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.67:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.89:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.79:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:27.0.1453.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2849
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2849
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-2849
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2849
-
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
Chrome Releases: Stable Channel Release
-
http://www.debian.org/security/2013/dsa-2695
Debian -- Security Information -- DSA-2695-1 chromium-browser
-
https://code.google.com/p/chromium/issues/detail?id=171392
171392 - Cross-Origin copy&paste / drag&drop allowing XSS (again, this time srcdoc) - chromium - Monorail
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753
Repository / Oval Repository
Jump to