Описание
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.0254
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
EPSS
Процентиль: 85%
0.0254
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79