Safari Security Vulnerabilities and Issues — Safari CVE List

Lucene search

AppleSafari

11 matches found

CVE•added 2008/03/19 12:44 a.m.•43 views

CVE-2008-1005

WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

2.1CVSS5.9AI score0.00087EPSS

CVE•added 2008/03/19 12:44 a.m.•43 views

CVE-2008-1011

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

4.3CVSS5.1AI score0.025EPSS

CVE•added 2008/03/19 12:44 a.m.•42 views

CVE-2008-1001

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

4.3CVSS5.2AI score0.00524EPSS

CVE•added 2008/03/19 12:44 a.m.•38 views

CVE-2008-1009

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

4.3CVSS5.3AI score0.00977EPSS

CVE•added 2008/03/19 12:44 a.m.•37 views

CVE-2008-1010

Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

6.8CVSS7.4AI score0.07713EPSS

CVE•added 2008/03/19 12:44 a.m.•36 views

CVE-2008-1002

Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

4.3CVSS5.1AI score0.01921EPSS

CVE•added 2008/03/19 12:44 a.m.•36 views

CVE-2008-1006

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

4.3CVSS5.3AI score0.00977EPSS

CVE•added 2008/03/19 12:44 a.m.•36 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3CVSS5.3AI score0.00949EPSS

CVE•added 2008/03/19 12:44 a.m.•35 views

CVE-2008-1008

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

4.3CVSS5.3AI score0.00977EPSS

CVE•added 2008/03/19 12:44 a.m.•34 views

CVE-2008-1003

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

4.3CVSS5.1AI score0.00977EPSS

CVE•added 2008/03/19 12:44 a.m.•34 views

CVE-2008-1004

4.3CVSS5.2AI score0.00977EPSS