Google : Security Vulnerabilities, CVEs, Published In 2010 (XSS)

CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
Max CVSS
4.3
EPSS Score
0.49%
Published
2010-04-01
Updated
2017-09-19

CVE-2010-1503

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
Max CVSS
4.3
EPSS Score
0.27%
Published
2010-04-23
Updated
2017-09-19

CVE-2010-1504

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
Max CVSS
4.3
EPSS Score
0.27%
Published
2010-04-23
Updated
2017-09-19

CVE-2010-2301

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-15
Updated
2020-08-06
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close