CVE-2008-1025 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 23.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedApr 17

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari17 versions+16

🔴Vulnerability Details

GHSA

GHSA-f78f-272x-wgmv: Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3↗2022-05-01

▶

📋Vendor Advisories

Red Hat

WebKit: XSS via URLs with colon↗2008-04-16

▶

💬Community

Bugzilla

CVE-2008-1025 WebKit: XSS via URLs with colon↗2008-04-23

▶