CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
51.4%
The “Save for Web” selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | mac_os_x_server | 10.6.5 | cpe:/o:apple:mac_os_x_server:10.6.5::: |
apple | mac_os_x | 10.2.0 | cpe:/o:apple:mac_os_x:10.2.0::: |
apple | mac_os_x_server | 10.2.5 | cpe:/o:apple:mac_os_x_server:10.2.5::: |
apple | mac_os_x_server | 10.3.4 | cpe:/o:apple:mac_os_x_server:10.3.4::: |
apple | mac_os_x_server | 10.2.3 | cpe:/o:apple:mac_os_x_server:10.2.3::: |
apple | mac_os_x | 10.4.0 | cpe:/o:apple:mac_os_x:10.4.0::: |
apple | mac_os_x_server | 10.3.3 | cpe:/o:apple:mac_os_x_server:10.3.3::: |
apple | mac_os_x | 10.6.2 | cpe:/o:apple:mac_os_x:10.6.2::: |
apple | mac_os_x | 10.5.3 | cpe:/o:apple:mac_os_x:10.5.3::: |
apple | mac_os_x | 10.6.4 | cpe:/o:apple:mac_os_x:10.6.4::: |