CVE-2012-5851

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.

Published: Nov 15, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-5851
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
google / chrome	22.0.1229.23	22.0.1229.23.x
google / chrome	22.0.1229.63	22.0.1229.63.x
google / chrome	22.0.1229.18	22.0.1229.18.x
google / chrome	22.0.1229.33	22.0.1229.33.x
google / chrome	22.0.1229.9	22.0.1229.9.x
google / chrome	22.0.1229.57	22.0.1229.57.x
google / chrome	22.0.1229.32	22.0.1229.32.x
google / chrome	22.0.1229.54	22.0.1229.54.x
google / chrome	22.0.1229.16	22.0.1229.16.x
google / chrome	22.0.1229.4	22.0.1229.4.x
google / chrome	22.0.1229.21	22.0.1229.21.x
google / chrome	22.0.1229.95	22.0.1229.95.x
google / chrome	22.0.1229.78	22.0.1229.78.x
google / chrome	22.0.1229.12	22.0.1229.12.x
google / chrome	22.0.1229.31	22.0.1229.31.x
google / chrome	22.0.1229.92	22.0.1229.92.x
google / chrome	22.0.1229.89	22.0.1229.89.x
google / chrome	22.0.1229.10	22.0.1229.10.x
google / chrome	22.0.1229.2	22.0.1229.2.x
google / chrome	22.0.1229.22	22.0.1229.22.x
google / chrome	22.0.1229.35	22.0.1229.35.x
google / chrome	22.0.1229.50	22.0.1229.50.x
google / chrome	22.0.1229.36	22.0.1229.36.x
google / chrome	22.0.1229.60	22.0.1229.60.x
google / chrome	22.0.1229.62	22.0.1229.62.x
google / chrome	22.0.1229.25	22.0.1229.25.x
google / chrome	22.0.1229.51	22.0.1229.51.x
google / chrome	22.0.1229.0	22.0.1229.0.x
google / chrome	22.0.1229.1	22.0.1229.1.x
google / chrome	22.0.1229.7	22.0.1229.7.x
google / chrome	22.0.1229.17	22.0.1229.17.x
google / chrome	22.0.1229.20	22.0.1229.20.x
google / chrome	22.0.1229.26	22.0.1229.26.x
google / chrome	22.0.1229.65	22.0.1229.65.x
google / chrome	22.0.1229.8	22.0.1229.8.x
google / chrome	22.0.1229.59	22.0.1229.59.x
google / chrome	22.0.1229.37	22.0.1229.37.x
google / chrome	22.0.1229.52	22.0.1229.52.x
google / chrome	22.0.1229.49	22.0.1229.49.x
google / chrome	22.0.1229.55	22.0.1229.55.x
google / chrome	22.0.1229.64	22.0.1229.64.x
google / chrome	22.0.1229.27	22.0.1229.27.x
google / chrome	22.0.1229.28	22.0.1229.28.x
google / chrome	22.0.1229.76	22.0.1229.76.x
google / chrome	22.0.1229.56	22.0.1229.56.x
google / chrome	22.0.1229.48	22.0.1229.48.x
google / chrome	22.0.1229.67	22.0.1229.67.x
google / chrome	22.0.1229.29	22.0.1229.29.x
google / chrome	22.0.1229.14	22.0.1229.14.x
google / chrome	22.0.1229.79	22.0.1229.79.x
google / chrome	22.0.1229.11	22.0.1229.11.x
apple / webkit	-	-
google / chrome	22.0.1229.6	22.0.1229.6.x
google / chrome	22.0.1229.24	22.0.1229.24.x
google / chrome	22.0.1229.3	22.0.1229.3.x
google / chrome	-	22.0.1229.96.x
google / chrome	22.0.1229.94	22.0.1229.94.x
google / chrome	22.0.1229.58	22.0.1229.58.x
google / chrome	22.0.1229.39	22.0.1229.39.x
google / chrome	22.0.1229.53	22.0.1229.53.x
google / chrome	22.0.1229.91	22.0.1229.91.x
apple / safari	5.1.7	5.1.7.x

Vulnerability Database

289,697

CVE-2012-5851