Home > Vulnerability Database > CVE-2012-4904

Mend.io Vulnerability Database

CVE-2012-4904

Date: September 13, 2012

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

Severity Score

3.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4904

Url: https://code.google.com/p/chromium/issues/detail?id=138035

Url: http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-4904

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4904

Date: September 13, 2012

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?