CVE-2007-0478

2007-01-2500:28:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

4.8

Confidence

High

EPSS

0.007

Percentile

80.1%

JSON

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

Affected configurations

Nvd

Node

applemac_os_xMatch10.3.9

applemac_os_xMatch10.4.10

AND

applesafari

applewebcore

VendorProductVersionCPE
applemac_os_x10.3.9cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
applemac_os_x10.4.10cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applewebcore*cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	10.3.9	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
apple	mac_os_x	10.4.10	cpe:2.3:o:apple:mac_os_x:10.4.10:::::::*
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	webcore	*	cpe:2.3:a:apple:webcore::::::::