Cross-Site Scripting (XSS) bypass vulnerability in WebKit

CVE-2012-5851 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
