Apple » Safari » 3.0 : Security Vulnerabilities, CVEs, Published In 2008 (XSS)

cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*

CVE-2008-1025

Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-04-17
Updated
2017-08-08

CVE-2008-1011

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1009

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1008

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Max CVSS
4.3
EPSS Score
0.39%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1006

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1004

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1003

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1002

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.
Max CVSS
4.3
EPSS Score
0.37%
Published
2008-03-19
Updated
2017-08-08

CVE-2008-1001

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.
Max CVSS
4.3
EPSS Score
0.33%
Published
2008-03-19
Updated
2018-10-30
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close