CVE-2011-1295Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation2 documents2 sources
Severity
7.5HIGHNVD
EPSS
2.3%
top 15.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple SafariGoogle Chrome
Timeline
PublishedMar 25
Latest updateMay 13

Description

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDapple/safari< 5.0.6
NVDgoogle/chrome< 10.0.648.204
NVDapple/iphone_os< 5.0

🔴Vulnerability Details

1
GHSA
GHSA-q76x-5hqf-pqhq: WebKit, as used in Google Chrome before 102022-05-13