CVE-2013-2849

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
googlechrome
𝑥
≤ 27.0.1453.91
googlechrome
27.0.1453.0
googlechrome
27.0.1453.1
googlechrome
27.0.1453.2
googlechrome
27.0.1453.3
googlechrome
27.0.1453.4
googlechrome
27.0.1453.5
googlechrome
27.0.1453.6
googlechrome
27.0.1453.7
googlechrome
27.0.1453.8
googlechrome
27.0.1453.9
googlechrome
27.0.1453.10
googlechrome
27.0.1453.11
googlechrome
27.0.1453.12
googlechrome
27.0.1453.13
googlechrome
27.0.1453.15
googlechrome
27.0.1453.34
googlechrome
27.0.1453.35
googlechrome
27.0.1453.36
googlechrome
27.0.1453.37
googlechrome
27.0.1453.38
googlechrome
27.0.1453.39
googlechrome
27.0.1453.40
googlechrome
27.0.1453.41
googlechrome
27.0.1453.42
googlechrome
27.0.1453.43
googlechrome
27.0.1453.44
googlechrome
27.0.1453.45
googlechrome
27.0.1453.46
googlechrome
27.0.1453.47
googlechrome
27.0.1453.49
googlechrome
27.0.1453.50
googlechrome
27.0.1453.51
googlechrome
27.0.1453.52
googlechrome
27.0.1453.54
googlechrome
27.0.1453.55
googlechrome
27.0.1453.56
googlechrome
27.0.1453.57
googlechrome
27.0.1453.58
googlechrome
27.0.1453.59
googlechrome
27.0.1453.60
googlechrome
27.0.1453.61
googlechrome
27.0.1453.62
googlechrome
27.0.1453.63
googlechrome
27.0.1453.64
googlechrome
27.0.1453.65
googlechrome
27.0.1453.66
googlechrome
27.0.1453.67
googlechrome
27.0.1453.68
googlechrome
27.0.1453.69
googlechrome
27.0.1453.70
googlechrome
27.0.1453.71
googlechrome
27.0.1453.72
googlechrome
27.0.1453.73
googlechrome
27.0.1453.74
googlechrome
27.0.1453.75
googlechrome
27.0.1453.76
googlechrome
27.0.1453.77
googlechrome
27.0.1453.78
googlechrome
27.0.1453.79
googlechrome
27.0.1453.80
googlechrome
27.0.1453.81
googlechrome
27.0.1453.82
googlechrome
27.0.1453.83
googlechrome
27.0.1453.84
googlechrome
27.0.1453.85
googlechrome
27.0.1453.86
googlechrome
27.0.1453.87
googlechrome
27.0.1453.88
googlechrome
27.0.1453.89
googlechrome
27.0.1453.90
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
raring
Fixed 28.0.1500.52-0ubuntu1.13.04.3
released
quantal
Fixed 28.0.1500.52-0ubuntu1.12.10.3
released
precise
Fixed 28.0.1500.52-0ubuntu1.12.04.2
released
lucid
ignored
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=171392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=171392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753