Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
Max CVSS
4.3
EPSS Score
0.29%
Published
2003-03-07
Updated
2016-10-18
Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
0.34%
Published
2005-05-02
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Max CVSS
4.3
EPSS Score
0.82%
Published
2005-08-19
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
Max CVSS
2.6
EPSS Score
0.49%
Published
2006-03-03
Updated
2017-07-20
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
Max CVSS
4.3
EPSS Score
0.58%
Published
2007-01-25
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
Max CVSS
4.3
EPSS Score
0.46%
Published
2007-06-14
Updated
2018-10-16
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
Max CVSS
4.3
EPSS Score
0.76%
Published
2007-06-25
Updated
2022-08-09
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
2.08%
Published
2007-06-25
Updated
2022-08-09
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
Max CVSS
5.0
EPSS Score
0.78%
Published
2007-08-03
Updated
2017-07-29
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
0.28%
Published
2007-08-03
Updated
2017-07-29
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
Max CVSS
7.8
EPSS Score
0.34%
Published
2007-06-28
Updated
2008-11-15
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
1.15%
Published
2007-09-27
Updated
2022-08-09
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-09-27
Updated
2022-08-09
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.
Max CVSS
4.3
EPSS Score
0.27%
Published
2007-09-27
Updated
2022-08-09
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
Max CVSS
4.3
EPSS Score
0.57%
Published
2007-11-15
Updated
2017-07-29
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
Max CVSS
4.3
EPSS Score
0.28%
Published
2007-12-19
Updated
2017-07-29
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.49%
Published
2007-12-19
Updated
2022-08-09
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
Max CVSS
4.3
EPSS Score
0.33%
Published
2008-03-19
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-03-19
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
0.39%
Published
2008-03-19
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08
153 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!