CVE-2011-0169 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.4%

top 41.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 11

Latest updateMay 17

Description

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari5.0.3+53

🔴Vulnerability Details

GHSA

GHSA-h749-7h9c-cq2g: WebKit in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-0169: WebKit in Apple Safari before 5↗2011-03-11

▶

💬Community

HackerOne

SSL/TLS Vulnerability at khanacademy.org↗2017-02-22

▶