Lucene search
K

5 matches found

seebug.org
seebug.org
added 2017/05/26 12:0 a.m.39 views

WebKit: UXSS via Editor::Command::execute(CVE-2017-2504)

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly...

4.3CVSS6.7AI score0.03347EPSS
Exploits4
Packet Storm
Packet Storm
added 2017/05/25 12:0 a.m.73 views

WebKit Editor::Command::execute Universal Cross Site Scripting

WebKit: UXSS via Editor::Command::execute CVE-2017-2504 Here's a snippet of Editor::Command::execute used to handle |document.execCommand|. bool Editor::Command::executeconst String& parameter, Event triggeringEvent const if !isEnabledtriggeringEvent // Let certain commands be executed when...

6.9AI score0.03347EPSS
Exploits4
Circl
Circl
added 2017/05/25 12:0 a.m.16 views

CVE-2017-2504

creationtimestamp| type| source ---|---|--- 2017-05-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42064...

6.1CVSS6.8AI score0.03347EPSS
Exploits4References1
OSV
OSV
added 2017/05/22 5:29 a.m.6 views

CVE-2017-2504

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly...

6.1CVSS5.1AI score
Exploits0References7
CVE
CVE
added 2017/05/22 4:54 a.m.86 views

CVE-2017-2504

CVE-2017-2504 affects Apple WebKit components in iOS prior to 10.3.2, Safari prior to 10.1.1, and tvOS prior to 10.2.1. The issue is a logic/handling flaw in WebKit Editor commands that enables remote, universal cross‑site scripting (UXSS) via crafted web content. The vulnerability is tied to a W...

6.1CVSS5.8AI score0.03347EPSS
Exploits4References7Affected Software3
Rows per page
Query Builder