CVE-2011-3218Cross-site Scripting in Apple MAC OS X

CWE-79Cross-site Scripting3 documents3 sources
Severity
2.6LOWNVD
EPSS
0.7%
top 28.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedOct 14
Latest updateMay 17

Description

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDapple/mac_os_x_server10.6.8+65
NVDapple/mac_os_x10.6.8+65

🔴Vulnerability Details

2
GHSA
GHSA-485w-3qw7-xvjq: The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 102022-05-17
CVEList
CVE-2011-3218: The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 102011-10-14
CVE-2011-3218 — Cross-site Scripting in Apple MAC OS X | cvebase