5 matches found
WebKit: UXSS via Editor::Command::execute(CVE-2017-2504)
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly...
WebKit Editor::Command::execute Universal Cross Site Scripting
WebKit: UXSS via Editor::Command::execute CVE-2017-2504 Here's a snippet of Editor::Command::execute used to handle |document.execCommand|. bool Editor::Command::executeconst String& parameter, Event triggeringEvent const if !isEnabledtriggeringEvent // Let certain commands be executed when...
CVE-2017-2504
creationtimestamp| type| source ---|---|--- 2017-05-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42064...
CVE-2017-2504
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly...
CVE-2017-2504
CVE-2017-2504 affects Apple WebKit components in iOS prior to 10.3.2, Safari prior to 10.1.1, and tvOS prior to 10.2.1. The issue is a logic/handling flaw in WebKit Editor commands that enables remote, universal cross‑site scripting (UXSS) via crafted web content. The vulnerability is tied to a W...