CVE-2009-3263

Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."

Published: Sep 19, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3263
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
google / chrome	2.0.172.8	2.0.172.8.x
google / chrome	3.0.182.2	3.0.182.2.x
google / chrome	2.0.172.38	2.0.172.38.x
google / chrome	2.0.170.0	2.0.170.0.x
google / chrome	2.0.169.1	2.0.169.1.x
google / chrome	2.0.172.33	2.0.172.33.x
google / chrome	2.0.172.27	2.0.172.27.x
google / chrome	2.0.157.2	2.0.157.2.x
google / chrome	2.0.157.0	2.0.157.0.x
google / chrome	2.0.172.2	2.0.172.2.x
google / chrome	2.0.169.0	2.0.169.0.x
google / chrome	2.0.172	2.0.172.x
google / chrome	2.0.172.30	2.0.172.30.x
google / chrome	3.0.193.2-beta	3.0.193.2-beta.x
google / chrome	2.0.156.1	2.0.156.1.x
google / chrome	3.0.190.2	3.0.190.2.x
google / chrome	2.0.159.0	2.0.159.0.x
google / chrome	2.0.158.0	2.0.158.0.x
google / chrome	2.0.172.28	2.0.172.28.x
google / chrome	2.0.172.31	2.0.172.31.x
google / chrome	2.0.172.37	2.0.172.37.x

Vulnerability Database

289,689

CVE-2009-3263