Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
Max CVSS
4.3
EPSS Score
0.30%
Published
2007-12-19
Updated
2017-07-29
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.
Max CVSS
5.0
EPSS Score
0.78%
Published
2007-08-03
Updated
2017-07-29
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
2.08%
Published
2007-06-25
Updated
2022-08-09
3 vulnerabilities found