CVE-2011-1295

EPSS 2.29%
Veröffentlicht 25.03.2011 19:55:01
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 10.0.648.204

Apple ≫ Safari Version < 5.0.6

Apple ≫ iPhone OS Version < 5.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.29%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT4808

Third Party Advisory

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT4999

Third Party Advisory

http://googlechromereleases.blogspot.com/2011/03/stable-channel-update.html

Vendor Advisory