CVE-2008-1036 — Cross-site Scripting in Apple MAC OS X

CWE-79 — Cross-site Scripting9 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

2.6%

top 14.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server Redhat Enterprise Linux

Timeline

PublishedJun 2

Latest updateMay 1

Description

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/mac_os_x4 versions+3

▶NVDapple/mac_os_x_server4 versions+3

Also affects: Enterprise Linux 5

Patches

Patch: lists.apple.com ↗Patch: www.us-cert.gov ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-w398-xcxp-rxmr: The International Components for Unicode (ICU) library in Apple Mac OS X before 10↗2022-05-01

▶

CVEList

CVE-2008-1036: The International Components for Unicode (ICU) library in Apple Mac OS X before 10↗2008-06-02

▶

OSV

CVE-2008-1036: The International Components for Unicode (ICU) library in Apple Mac OS X before 10↗2008-06-02

▶

📋Vendor Advisories

Ubuntu

ICU vulnerability↗2009-03-26

▶

Red Hat

ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)↗2008-05-28

▶

Debian

CVE-2008-1036: icu - The International Components for Unicode (ICU) library in Apple Mac OS X before ...↗2008

▶

💬Community

Bugzilla

CVE-2009-0153 icu: XSS vulnerability due to improper invalid byte sequence handling↗2009-05-28

▶

Bugzilla

CVE-2008-1036 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible)↗2008-09-26

▶