Apple : Security Vulnerabilities, CVEs, Published In 2012 (XSS) CVSS score >= 3
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
Max CVSS
4.3
EPSS Score
0.15%
Published
2012-11-15
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-07-25
Updated
2013-03-22
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
Max CVSS
4.3
EPSS Score
0.57%
Published
2012-09-26
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.
Max CVSS
4.3
EPSS Score
0.11%
Published
2012-07-25
Updated
2012-08-08
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-03-08
Updated
2018-11-29
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-03-08
Updated
2018-11-29
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-03-08
Updated
2018-11-29
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-03-08
Updated
2018-11-29
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
Max CVSS
4.3
EPSS Score
0.21%
Published
2012-03-08
Updated
2018-11-29
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2012-03-30
Updated
2020-04-14
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
Max CVSS
10.0
EPSS Score
1.78%
Published
2012-03-09
Updated
2020-04-16
11 vulnerabilities found