Lucene search

[email protected]NVD:CVE-2009-1689

HistoryJun 10, 2009 - 2:30 p.m.

CVE-2009-1689

2009-06-1014:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.

Affected configurations

Nvd

Node

applesafariRange≤4.0_beta-mac

applesafariMatch0.8-mac

applesafariMatch0.9-mac

applesafariMatch1.0-mac

applesafariMatch1.0.3-mac

applesafariMatch1.1-mac

applesafariMatch1.2-mac

applesafariMatch1.3-mac

applesafariMatch1.3.1-mac

applesafariMatch1.3.2-mac

applesafariMatch2.0-mac

applesafariMatch2.0.2-mac

applesafariMatch2.0.4-mac

applesafariMatch3.0-mac

applesafariMatch3.0.2-mac

applesafariMatch3.0.3-mac

applesafariMatch3.0.4-mac

applesafariMatch3.1-mac

applesafariMatch3.1.1-mac

applesafariMatch3.1.2-mac

applesafariMatch3.2.1-mac

applesafariMatch3.2.3-mac

Node

applesafariRange≤3.2.3-windows

applesafariMatch3.0-windows

applesafariMatch3.0.1-windows

applesafariMatch3.0.2-windows

applesafariMatch3.0.3-windows

applesafariMatch3.0.4-windows

applesafariMatch3.1-windows

applesafariMatch3.1.1-windows

applesafariMatch3.1.2-windows

applesafariMatch3.2-windows

applesafariMatch3.2.1-windows

applesafariMatch3.2.2-windows

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:-:mac:*:*:*:*:*
applesafari0.8cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*
applesafari0.9cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*
applesafari1.0cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*
applesafari1.0.3cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*
applesafari1.1cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*
applesafari1.2cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*
applesafari1.3cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*
applesafari1.3.1cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*
applesafari1.3.2cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::-:mac:::::
apple	safari	0.8	cpe:2.3:a:apple:safari:0.8:-:mac:::::*
apple	safari	0.9	cpe:2.3:a:apple:safari:0.9:-:mac:::::*
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0:-:mac:::::*
apple	safari	1.0.3	cpe:2.3:a:apple:safari:1.0.3:-:mac:::::*
apple	safari	1.1	cpe:2.3:a:apple:safari:1.1:-:mac:::::*
apple	safari	1.2	cpe:2.3:a:apple:safari:1.2:-:mac:::::*
apple	safari	1.3	cpe:2.3:a:apple:safari:1.3:-:mac:::::*
apple	safari	1.3.1	cpe:2.3:a:apple:safari:1.3.1:-:mac:::::*
apple	safari	1.3.2	cpe:2.3:a:apple:safari:1.3.2:-:mac:::::*