Lucene search

[email protected]CVE-2009-1702

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1702

2009-06-1018:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1702

cross-site scripting

xss

webkit

apple safari

iphone os

ipod touch

nvd

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

Affected configurations

NVD

Node

applesafariRange≤3.2.2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

Node

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

AND

appleipod_touch

appleiphone_os

CPENameOperatorVersion
apple:safariapple safarile3.2.2
apple:safariapple safarieq2.0
apple:safariapple safarieq2.0.0
apple:safariapple safarieq2.0.1
apple:safariapple safarieq2.0.2
apple:safariapple safarieq2.0.3
apple:safariapple safarieq2.0.4
apple:safariapple safarieq3.0
apple:safariapple safarieq3.0.0
apple:safariapple safarieq3.0.0b

CPE	Name	Operator	Version
apple:safari	apple safari	le	3.2.2
apple:safari	apple safari	eq	2.0
apple:safari	apple safari	eq	2.0.0
apple:safari	apple safari	eq	2.0.1
apple:safari	apple safari	eq	2.0.2
apple:safari	apple safari	eq	2.0.3
apple:safari	apple safari	eq	2.0.4
apple:safari	apple safari	eq	3.0
apple:safari	apple safari	eq	3.0.0
apple:safari	apple safari	eq	3.0.0b