6.1
CVE-2017-5124
- EPSS 5.25%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:27:06
- CVE-Watchlists
- Unerledigt
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.25% | 0.915 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://www.securityfocus.com/bid/101482
https://access.redhat.com/errata/RHSA-2017:2997
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
https://security.gentoo.org/glsa/201710-24
https://www.debian.org/security/2017/dsa-4020
https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070
https://crbug.com/762930
https://github.com/Bo0oM/CVE-2017-5124
https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/