4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
79.7%
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before
4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod
touch, and other platforms, allows remote attackers to inject arbitrary web
script or HTML via vectors related to parent and top objects.
Author | Note |
---|---|
jdstrand | qt4-x11 unmaintained upstream (see README.webkit for details) webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | although I don’t know what the upstream patch is, RH stated that it didn’t affect their kde4libs versions, so I’m removing it. can’t find info on webkit |