Lucene search
+L

4 matches found

cve
cve
added 2018/04/03 6:0 a.m.96 views

CVE-2017-2493

CVE-2017-2493 corresponds to a WebKit/Safari vulnerability where loading an HTMLObjectElement could bypass Same Origin Policy via crafted objects and JavaScript URLs, enabling potential cross-origin information leakage. The Seebug writeup provides a PoC and notes SOP checks in HTMLPlugInImageElem...

6.5CVSS6.1AI score0.0148EPSS
Exploits2References4Affected Software3
seebug
seebug
added 2017/05/26 12:0 a.m.56 views

WebKit: UXSS through HTMLObjectElement::updateWidget(CVE-2017-2493)

When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins ... String url = this-url; ... if !allowedToLoadFrameURLurl return;...

7.8AI score0.0148EPSS
Exploits2
packetstorm
packetstorm
added 2017/05/25 12:0 a.m.60 views

WebKit HTMLObjectElement::updateWidget Universal XSS

WebKit: UXSS through HTMLObjectElement::updateWidget CVE-2017-2493 When an object element loads a JavaScript URLe.g., javascript:alert1, it checks whether it violate the Same Origin Policy or not. Here's some snippets of the logic. void HTMLObjectElement::updateWidgetCreatePlugins createPlugins...

7.5AI score0.0148EPSS
Exploits2
apple
apple
added 2017/04/24 6:47 a.m.59 views

About the security content of iCloud for Windows 6.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

8.8CVSS0.3AI score0.05738EPSS
Exploits8Affected Software1
Rows per page
Query Builder