html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-11-15T11:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-11-08T00:00:00
Link: CVE-2012-5851
JSON object: View
NVD Information
Status : Modified
Published: 2012-11-15T11:58:40.447
Modified: 2017-08-29T01:32:48.963
Link: CVE-2012-5851
JSON object: View
Redhat Information
No data.
CWE