CVE-2008-1006

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html	Patch
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28332
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41326
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html	Patch
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28332
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41326

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari:0.8:::::::*
	cpe:2.3:a:apple:safari:0.9:::::::*
	cpe:2.3:a:apple:safari:1.0:::::::*
	cpe:2.3:a:apple:safari:1.1:::::::*
	cpe:2.3:a:apple:safari:1.2:::::::*
	cpe:2.3:a:apple:safari:1.3:::::::*
	cpe:2.3:a:apple:safari:1.3.1:::::::*
	cpe:2.3:a:apple:safari:1.3.2:::::::*
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:2.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0:::::::*
	cpe:2.3:a:apple:safari:3.0.1:::::::*
	cpe:2.3:a:apple:safari:3.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.3:::::::*
	cpe:2.3:a:apple:safari:3.0.4:::::::*

History

21 Nov 2024, 00:43

Type	Values Removed	Values Added
References	~~() http://docs.info.apple.com/article.html?artnum=307563 -~~	() http://docs.info.apple.com/article.html?artnum=307563 -
References	~~() http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html - Patch~~	() http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html - Patch
References	~~() http://secunia.com/advisories/29393 -~~	() http://secunia.com/advisories/29393 -
References	~~() http://www.securityfocus.com/bid/28290 -~~	() http://www.securityfocus.com/bid/28290 -
References	~~() http://www.securityfocus.com/bid/28332 -~~	() http://www.securityfocus.com/bid/28332 -
References	~~() http://www.securitytracker.com/id?1019653 -~~	() http://www.securitytracker.com/id?1019653 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA08-079A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA08-079A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2008/0920/references -~~	() http://www.vupen.com/english/advisories/2008/0920/references -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41326 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41326 -

Information

Published : 2008-03-19 00:44

Updated : 2024-11-21 00:43

NVD link : CVE-2008-1006

Mitre link : CVE-2008-1006

CVE.ORG link : CVE-2008-1006

JSON object : View

Products Affected

apple

safari

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10