CVE-2008-1004Cross-site Scripting in Apple Safari

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 25.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedMar 19
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari16 versions+15

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

1
GHSA
GHSA-6gq8-wpvx-x83r: Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 32022-05-01

💬Community

1
Bugzilla
CVE-2008-5986 csound: untrusted python modules search path2009-01-26