Lucene search
K

6 matches found

seebug.org
seebug.org
added 2017/10/09 12:0 a.m.57 views

safari10跨域漏洞

safari 10的XMLHttpRequest在null域下可以随意发起跨域请求和设置httpheader 我交到苹果的bugreport,并给apple发邮件后,他们自己悄悄把漏洞修了,连个邮件都没给我发,所以我决定公开poc 这是我在漏洞未修复前截的图: 这个漏洞可以造成同源策略绕过,随便跨域,这是我写的获取gmail数据的代码: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/10/09 12:0 a.m.57 views

Apple Safari uxss(CVE-2017-7089)

CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Safari 10 Local SOP bypass html function Pewvar...

4.3CVSS0.7AI score0.061EPSS
Exploits6
0day.today
0day.today
added 2017/10/05 12:0 a.m.100 views

Safari 10 Local SOP bypass Vulnerability

Exploit for macOS platform in category local exploits Safari 10 Local SOP bypass Vulnerability CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed...

4.3CVSS6.8AI score0.061EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/04/04 12:0 a.m.49 views

Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window

document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if UNLIKELYhtmlDocument.windowNamedItemContainsMultipleElementsatomicPropertyName Ref collection =...

7.4AI score
Exploits0
Apple
Apple
added 2017/01/23 5:36 a.m.46 views

About the security content of Safari 10 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

9.6CVSS0.1AI score0.03267EPSS
Exploits1Affected Software4
Apple
Apple
added 2016/09/20 12:0 a.m.37 views

About the security content of Safari 10

About the security content of Safari 10 This document describes the security content of Safari 10. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

9.6CVSS0.03267EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder