Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1724 — Cross-site Scripting in Apple Iphone OS

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.5%

top 18.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Iphone OS Apple Safari

Timeline

PublishedJul 9

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDapple/iphone_os3.0.1+20

▶NVDapple/safari4.0.1+26

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-g6jx-986q-p3fm: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4↗2022-05-02

▶

OSV

CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4↗2009-07-09

▶

💥Exploits & PoCs

Exploit-DB

WebKit - 'parent/top' Cross Domain Scripting↗2009-05-19

▶

📋Vendor Advisories

Red Hat

kdelibs: possible XSS vulnerability↗2009-05-20

▶

💬Community

Bugzilla

CVE-2009-1724 kdelibs: possible XSS vulnerability↗2009-07-27

▶