CVE-2013-2849

EUVD-2013-2788
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 27.0.1453.91
googlechrome
27.0.1453.0
googlechrome
27.0.1453.1
googlechrome
27.0.1453.2
googlechrome
27.0.1453.3
googlechrome
27.0.1453.4
googlechrome
27.0.1453.5
googlechrome
27.0.1453.6
googlechrome
27.0.1453.7
googlechrome
27.0.1453.8
googlechrome
27.0.1453.9
googlechrome
27.0.1453.10
googlechrome
27.0.1453.11
googlechrome
27.0.1453.12
googlechrome
27.0.1453.13
googlechrome
27.0.1453.15
googlechrome
27.0.1453.34
googlechrome
27.0.1453.35
googlechrome
27.0.1453.36
googlechrome
27.0.1453.37
googlechrome
27.0.1453.38
googlechrome
27.0.1453.39
googlechrome
27.0.1453.40
googlechrome
27.0.1453.41
googlechrome
27.0.1453.42
googlechrome
27.0.1453.43
googlechrome
27.0.1453.44
googlechrome
27.0.1453.45
googlechrome
27.0.1453.46
googlechrome
27.0.1453.47
googlechrome
27.0.1453.49
googlechrome
27.0.1453.50
googlechrome
27.0.1453.51
googlechrome
27.0.1453.52
googlechrome
27.0.1453.54
googlechrome
27.0.1453.55
googlechrome
27.0.1453.56
googlechrome
27.0.1453.57
googlechrome
27.0.1453.58
googlechrome
27.0.1453.59
googlechrome
27.0.1453.60
googlechrome
27.0.1453.61
googlechrome
27.0.1453.62
googlechrome
27.0.1453.63
googlechrome
27.0.1453.64
googlechrome
27.0.1453.65
googlechrome
27.0.1453.66
googlechrome
27.0.1453.67
googlechrome
27.0.1453.68
googlechrome
27.0.1453.69
googlechrome
27.0.1453.70
googlechrome
27.0.1453.71
googlechrome
27.0.1453.72
googlechrome
27.0.1453.73
googlechrome
27.0.1453.74
googlechrome
27.0.1453.75
googlechrome
27.0.1453.76
googlechrome
27.0.1453.77
googlechrome
27.0.1453.78
googlechrome
27.0.1453.79
googlechrome
27.0.1453.80
googlechrome
27.0.1453.81
googlechrome
27.0.1453.82
googlechrome
27.0.1453.83
googlechrome
27.0.1453.84
googlechrome
27.0.1453.85
googlechrome
27.0.1453.86
googlechrome
27.0.1453.87
googlechrome
27.0.1453.88
googlechrome
27.0.1453.89
googlechrome
27.0.1453.90
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 28.0.1500.52-0ubuntu1.12.04.2
released
quantal
Fixed 28.0.1500.52-0ubuntu1.12.10.3
released
raring
Fixed 28.0.1500.52-0ubuntu1.13.04.3
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=171392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753
http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html
http://www.debian.org/security/2013/dsa-2695
https://code.google.com/p/chromium/issues/detail?id=171392
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16753