Lucene search

[email protected]CVE-2007-2391

HistoryJun 14, 2007 - 6:30 p.m.

CVE-2007-2391

2007-06-1418:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-2391

cross-site scripting

xss

apple safari

windows

remote attack

web script

html

settimeout

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

Affected configurations

NVD

Node

applesafariMatch3.0.1windows

CPENameOperatorVersion
apple:safariapple safarieq3.0.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	3.0.1

References

lists.apple.com/archives/security-announce/2007/Jun/msg00000.html

osvdb.org/36605

securitytracker.com/id?1018238

www.securityfocus.com/archive/1/471255/100/0/threaded

www.securityfocus.com/archive/1/471266/100/0/threaded

www.securityfocus.com/bid/24457

www.vupen.com/english/advisories/2007/2192

exchange.xforce.ibmcloud.com/vulnerabilities/34847

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for CVE-2007-2391

nvd1 cvelist1 prion1