CVE-2008-1007 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting5 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 23.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 19

Latest updateMay 1

Description

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari3.0.4+15

🔴Vulnerability Details

GHSA

GHSA-q4fm-cwv5-w77r: WebCore, as used in Apple Safari before 3↗2022-05-01

▶

💬Community

Bugzilla

CVE-2008-1563 wireshark: crash in SCCP dissector↗2008-04-01

▶

Bugzilla

CVE-2008-1562 wireshark: crash in LDAP dissector↗2008-04-01

▶

Bugzilla

CVE-2008-1561 wireshark: crash in X.509sat and Roofnet dissectors↗2008-04-01

▶