CVE-2008-1006 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 19

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari16 versions+15

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-x542-vw5v-gf66: Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

VeryPDF PDFView - ActiveX Component Heap Buffer Overflow↗2008-11-15

▶

Exploit-DB

VeryPDF PDFView - OCX ActiveX OpenPDF Heap Overflow (PoC)↗2008-11-15

▶