Vulnerability Details CVE-2008-1009
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 74.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://docs.info.apple.com/article.html?artnum=307563
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://secunia.com/advisories/29393
- http://www.securityfocus.com/bid/28290
- http://www.securityfocus.com/bid/28337
- http://www.securitytracker.com/id?1019653
- http://www.us-cert.gov/cas/techalerts/TA08-079A.html
- http://www.vupen.com/english/advisories/2008/0920/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41322
- http://docs.info.apple.com/article.html?artnum=307563
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://secunia.com/advisories/29393
- http://www.securityfocus.com/bid/28290
- http://www.securityfocus.com/bid/28337
- http://www.securitytracker.com/id?1019653
- http://www.us-cert.gov/cas/techalerts/TA08-079A.html
- http://www.vupen.com/english/advisories/2008/0920/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41322
Products affected by CVE-2008-1009
-
cpe:2.3:a:apple:safari:0.8
-
cpe:2.3:a:apple:safari:0.9
-
cpe:2.3:a:apple:safari:1.0
-
cpe:2.3:a:apple:safari:1.1
-
cpe:2.3:a:apple:safari:1.2
-
cpe:2.3:a:apple:safari:1.3
-
cpe:2.3:a:apple:safari:1.3.1
-
cpe:2.3:a:apple:safari:1.3.2
-
cpe:2.3:a:apple:safari:2.0
-
cpe:2.3:a:apple:safari:2.0.2
-
cpe:2.3:a:apple:safari:2.0.4
-
cpe:2.3:a:apple:safari:3.0
-
cpe:2.3:a:apple:safari:3.0.1
-
cpe:2.3:a:apple:safari:3.0.2
-
cpe:2.3:a:apple:safari:3.0.3
-
cpe:2.3:a:apple:safari:3.0.4