CVE-2009-3263
Last modified
CVE-2009-3263 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content.". EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Chrome | 2.0.156.1 | — | |
| Chrome | 2.0.157.0 | — | |
| Chrome | 2.0.157.2 | — | |
| Chrome | 2.0.158.0 | — | |
| Chrome | 2.0.159.0 | — | |
| Chrome | 2.0.169.0 | — | |
| Chrome | 2.0.169.1 | — | |
| Chrome | 2.0.170.0 | — | |
| Chrome | 2.0.172 | — | |
| Chrome | 2.0.172.2 | — | |
| Chrome | 2.0.172.8 | — | |
| Chrome | 2.0.172.27 | — | |
| Chrome | 2.0.172.28 | — | |
| Chrome | 2.0.172.30 | — | |
| Chrome | 2.0.172.31 | — | |
| Chrome | 2.0.172.33 | — | |
| Chrome | 2.0.172.37 | — | |
| Chrome | 2.0.172.38 | — | |
| Chrome | 3.0.182.2 | — | |
| Chrome | 3.0.190.2 | — | |
| Chrome | 3.0.193.2 | Beta |
References
- http://secunia.com/advisories/36770Vendor Advisory
- http://secunia.com/advisories/36770Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3263?
How severe is CVE-2009-3263?
How do I fix CVE-2009-3263?
Are you affected by CVE-2009-3263?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST