CVE-2010-2301

Published: Jun 15, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.

Affected (7)

Products: Google: Chrome · Opensuse: Opensuse · Suse: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server

1 product

1 product

2 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 5.0.375.70

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.2
Opensuse Opensuse	Version 11.3
Suse Suse Linux Enterprise Desktop	Version 10 sp3
Suse Suse Linux Enterprise Desktop	Version 11 sp1
Suse Suse Linux Enterprise Server	Version 10 sp3
Suse Suse Linux Enterprise Server	Version 11 sp1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://code.google.com/p/chromium/issues/detail?id=43902

Source: cve@mitre.org

Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/40072

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/43068

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

Permissions Required

https://bugs.webkit.org/show_bug.cgi?id=38922

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861

Source: cve@mitre.org

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=43902

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/40072

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://bugs.webkit.org/show_bug.cgi?id=38922

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11861

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.