Details of VAR-201211-0084

ID

VAR-201211-0084

CVE

CVE-2012-5851

TITLE

WebKit Cross-site scripting in (XSS) Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2012-005362

DESCRIPTION

html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. WebKit is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass the cross-site scripting filter mechanism. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A vulnerability exists in html/parser/XSSAuditor.cpp used in WebCore in WebKit in Google Chrome 22 and Safari version 5.1.7. The vulnerability stems from not considering all possible output reflection data

Trust: 1.98

sources: NVD: CVE-2012-5851 // JVNDB: JVNDB-2012-005362 // BID: 56570 // VULHUB: VHN-59132

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 2.7
vendor:	apple	model:	webkit	scope:	-	version:	-	Trust: 1.4
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.51	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.7	Trust: 1.0
vendor:	apple	model:	webkit	scope:	eq	version:	*	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.56	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.49	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.21	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.33	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.18	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.55	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.57	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.31	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.39	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.59	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.54	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.8	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.36	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.10	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.89	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.27	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.48	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.3	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.26	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.16	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.58	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.65	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.67	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.64	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.23	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.6	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.12	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.92	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.37	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.22	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.35	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.25	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.28	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.91	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.63	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.20	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.24	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.4	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.60	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.76	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.94	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.0	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.78	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	22.0.1229.96	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.14	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.17	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.53	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.32	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.29	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.95	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.52	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.79	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.9	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.62	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.1	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.50	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22.0.1229.11	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	22	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.220	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.101	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.83	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.94	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.57	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375127	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.100	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.1.249.1042	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.223	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.303	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.168	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375.70	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.20	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.43	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.300	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.75	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.60	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.203	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.105	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.211	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.18	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	6.0.47255	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.221	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	19.0.1084.52	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.104	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.12	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.213	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.306	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.102	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.204	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.307	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375125	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.208	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.128	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.19	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.301	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.14	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.15	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.205	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.16	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491064	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.17	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.204	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.222	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.215	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.127	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.65	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.225	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.21	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.142	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.107	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.302	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.219	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.310	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	16.0.91275	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.375.55	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.96379	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.218	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.103	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.217	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.224	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.112	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.71	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.100	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	7.0.548.0	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.59	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.62	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.37599	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.13	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12.0.742.91	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.78	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.308	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	9.0.597.84	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.210	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.550.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.56	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.0.249.89	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.120	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.107	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.77	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.309	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.214	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	16	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.209	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.202	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.226	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.551.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.96365	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.1.249.1045	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	19	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.0.249.78	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.201	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.11	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.696.68	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11.0.672.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.43	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874.121	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	12	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.163	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.549.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.44	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.77	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.304	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.151	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	18.0.1025.162	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.207	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.112	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	11	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.212	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.305	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.216	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.237	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.344	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	6.0.472.53	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	7.0.517.41	Trust: 0.3
vendor:	apple	model:	safari beta for windows	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	15.0.874102	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.206	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.133	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	13.0.782.215	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	10.0.648.205	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	8.0.552.200	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.186	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.0.211.0	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	17.0.963.46	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	5.0.37586	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	16.0.912.63	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491059	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	4.1.2491036	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	google	model:	chrome	scope:	eq	version:	14.0.835.202	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3

sources: BID: 56570 // JVNDB: JVNDB-2012-005362 // CNNVD: CNNVD-201211-284 // NVD: CVE-2012-5851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5851
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5851
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201211-284
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59132
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5851
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-59132
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-59132 // JVNDB: JVNDB-2012-005362 // CNNVD: CNNVD-201211-284 // NVD: CVE-2012-5851

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-59132 // JVNDB: JVNDB-2012-005362 // NVD: CVE-2012-5851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-284

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201211-284

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005362

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-59132

PATCH

title:	Google Chrome	url:	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja	Trust: 0.8
title:	Bug 92692	url:	https://bugs.webkit.org/show_bug.cgi?id=92692	Trust: 0.8

sources: JVNDB: JVNDB-2012-005362

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5851	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-005362	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-284	Trust: 0.7
db:	BID	id:	56570	Trust: 0.4
db:	EXPLOIT-DB	id:	38024	Trust: 0.1
db:	VULHUB	id:	VHN-59132	Trust: 0.1

sources: VULHUB: VHN-59132 // BID: 56570 // JVNDB: JVNDB-2012-005362 // CNNVD: CNNVD-201211-284 // NVD: CVE-2012-5851

REFERENCES

url:	https://bugs.webkit.org/show_bug.cgi?id=92692	Trust: 1.7
url:	http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/80072	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5851	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5851	Trust: 0.8
url:	http://www.google.com/chrome	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-59132 // BID: 56570 // JVNDB: JVNDB-2012-005362 // CNNVD: CNNVD-201211-284 // NVD: CVE-2012-5851

CREDITS

Tushar Dalvi

Trust: 0.3

sources: BID: 56570

SOURCES

db:	VULHUB	id:	VHN-59132
db:	BID	id:	56570
db:	JVNDB	id:	JVNDB-2012-005362
db:	CNNVD	id:	CNNVD-201211-284
db:	NVD	id:	CVE-2012-5851

LAST UPDATE DATE

2025-04-11T23:04:11.109000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-59132	date:	2017-08-29T00:00:00
db:	BID	id:	56570	date:	2012-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-005362	date:	2012-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201211-284	date:	2012-11-16T00:00:00
db:	NVD	id:	CVE-2012-5851	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-59132	date:	2012-11-15T00:00:00
db:	BID	id:	56570	date:	2012-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2012-005362	date:	2012-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201211-284	date:	2012-11-16T00:00:00
db:	NVD	id:	CVE-2012-5851	date:	2012-11-15T11:58:40.447