Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
google chrome 跨站脚本攻击漏洞
Vulnerability Description
Google Chrome 1.0.154.48及之前版本,2.0.172.28,2.0.172.37和3.0.193.2 Beta没有在HTTP响应中正确的拦截刷新眉首中的数据:URIs,这使得远程攻击者可以借助一些向量,执行跨站脚本攻击。这些向量涉及(1)注入一个包含data:text/html URI中的JavaScript序列的刷新头或(2)在详细说明刷新头的内容时,借助JavaScript序列输入一个data:text/html URI。
CVSS Information
N/A
Vulnerability Type
N/A