Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1684 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedJun 10

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari4.0_beta+25

Patches

Patch: lists.apple.com ↗Patch: securitytracker.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-grrr-84rx-ch99: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4↗2022-05-02

▶

OSV

CVE-2009-1684: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4↗2009-06-10

▶

💥Exploits & PoCs

Exploit-DB

WebKit - JavaScript 'onload()' Event Cross Domain Scripting↗2009-05-08

▶