Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-1236

EPSS 0.62% · P70
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-1236

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google Chrome WebKit跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WebKit是KDE、苹果(Apple)、谷歌(Google)等公司共同开发的一套开源Web浏览器引擎,目前被Apple Safari及Google Chrome等浏览器使用。 Google Chrome 4.1.249.1036之前版本和Flock Browser 3.0.0.4112之前的3.x版本中使用的WebKit r55822之前版本的WebCore的platform/KURLGoogle.cpp中的protocolIs函数没有正确处理URL开端的空白。远程攻击者可借助特制的javascript
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-1236

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-1236

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-04-01 · 48 CVEs total

CVE-2010-0837Oracle Java SE 和Business Java 组件'Pack200'未明安全漏洞
CVE-2010-0840Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0842Oracle Java SE和Java for Business Sound组件未明安全漏洞
CVE-2010-0846Oracle Java SE和Java for Business ImageIO组件未明安全漏洞
CVE-2010-0847Oracle Java SE 和Business Java 组件'Java 2D'未明安全漏洞
CVE-2010-0848Oracle Java SE 和Business Java 组建'Java 2D'未明安全漏洞
CVE-2010-0849Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0850Oracle Java SE 和Business Java平台Java 2D 组件未明漏洞
CVE-2010-0845Oracle Java SE 和Business Java 组件'HotSpot Server'未明安全漏洞
CVE-2010-0838Oracle Java SE和Java for Business Java 2D组件未明安全漏洞
CVE-2010-0839Oracle Java SE 和Business Java 组件'Sound'未明安全漏洞
CVE-2010-0095Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0094Oracle Java SE和Java for Business Java运行时环境漏洞
CVE-2010-0093Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0092Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0091Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0090Oracle Java SE和Java for Business JAVA运行时环境漏洞
CVE-2010-0089Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞
CVE-2010-0088Oracle Java SE 和Business Java 组件'Java Runtime Environment'未明安全漏洞
CVE-2010-0087Oracle Java SE 和Business Java 组件'Java Web Start, Java Plug-in'未明安全漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-1236

No comments yet

Leave a comment