CVE-2014-1747

Advisory lineage Upstream: 0 Downstream: 4
Deferred
Published: 21 May 2014, 10:00
Last modified:06 Aug 2024, 09:50

Vulnerability Summary

Overall Risk (default)
low
17/100
CVSS Score
4.3 MEDIUM
v2.0 (nvd)
EPSS Score
0.42% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 May 2014, 10:00
Published
Vulnerability first disclosed
06 Aug 2024, 09:50
Last Modified
Vulnerability information updated

Description

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

CVSS Metrics

  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.42% Percentile: 62%

Techniques & Countermeasures

  • CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

  • googlechrome

    ≤ 35.0.1916.113 | 35.0.1916.0 | 35.0.1916.1 | 35.0.1916.2 | 35.0.1916.3 | 35.0.1916.4 | 35.0.1916.5 | 35.0.1916.6 | 35.0.1916.7 | 35.0.1916.8 | 35.0.1916.9 | 35.0.1916.10 | 35.0.1916.11 | 35.0.1916.13 | 35.0.1916.14 | 35.0.1916.15 | 35.0.1916.17 | 35.0.1916.18 | 35.0.1916.19 | 35.0.1916.20 | 35.0.1916.21 | 35.0.1916.22 | 35.0.1916.23 | 35.0.1916.27 | 35.0.1916.31 | 35.0.1916.32 | 35.0.1916.33 | 35.0.1916.34 | 35.0.1916.35 | 35.0.1916.36 | 35.0.1916.37 | 35.0.1916.38 | 35.0.1916.39 | 35.0.1916.40 | 35.0.1916.41 | 35.0.1916.42 | 35.0.1916.43 | 35.0.1916.44 | 35.0.1916.45 | 35.0.1916.46 | 35.0.1916.47 | 35.0.1916.48 | 35.0.1916.49 | 35.0.1916.51 | 35.0.1916.52 | 35.0.1916.54 | 35.0.1916.56 | 35.0.1916.57 | 35.0.1916.59 | 35.0.1916.61 | 35.0.1916.68 | 35.0.1916.69 | 35.0.1916.71 | 35.0.1916.72 | 35.0.1916.74 | 35.0.1916.77 | 35.0.1916.80 | 35.0.1916.82 | 35.0.1916.84 | 35.0.1916.85 | 35.0.1916.86 | 35.0.1916.88 | 35.0.1916.90 | 35.0.1916.92 | 35.0.1916.93 | 35.0.1916.95 | 35.0.1916.96 | 35.0.1916.98 | 35.0.1916.99 | 35.0.1916.101 | 35.0.1916.103 | 35.0.1916.104 | 35.0.1916.105 | 35.0.1916.106 | 35.0.1916.107 | 35.0.1916.108 | 35.0.1916.109 | 35.0.1916.110 | 35.0.1916.111 | 35.0.1916.112

References (9)