Home > Vulnerability Database > CVE-2012-4904

Mend.io Vulnerability Database

CVE-2012-4904

Date: October 3, 2022

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

Severity Score

3.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4904

Url: https://code.google.com/p/chromium/issues/detail?id=138035

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4904

Url: http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-4904

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4904

Date: October 3, 2022

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?