Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0162 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

2.9%

top 13.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedMay 13

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari3.2.2+45

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-wj43-5c4q-373q: Cross-site scripting (XSS) vulnerability in Safari before 3↗2022-05-02

▶

💥Exploits & PoCs

Exploit-DB

Apple Safari 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities↗2009-05-12

▶