Apple : Security Vulnerabilities, CVEs, Published In June 2010 (XSS)
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
Max CVSS
4.3
EPSS Score
0.34%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.
Max CVSS
4.3
EPSS Score
0.36%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
Max CVSS
4.3
EPSS Score
0.36%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.
Max CVSS
4.3
EPSS Score
0.36%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document.
Max CVSS
4.3
EPSS Score
0.36%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.
Max CVSS
4.3
EPSS Score
0.34%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
Max CVSS
3.5
EPSS Score
0.26%
Published
2010-06-17
Updated
2010-06-18
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."
Max CVSS
4.3
EPSS Score
0.35%
Published
2010-06-17
Updated
2010-06-17
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
Max CVSS
4.3
EPSS Score
0.34%
Published
2010-06-11
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
Max CVSS
4.3
EPSS Score
0.32%
Published
2010-06-17
Updated
2012-11-06
10 vulnerabilities found