CVE-2008-1011

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
applesafari
0.8
applesafari
0.9
applesafari
1.0
applesafari
1.1
applesafari
1.2
applesafari
1.3
applesafari
1.3.1
applesafari
1.3.2
applesafari
2.0
applesafari
2.0.2
applesafari
2.0.4
applesafari
3.0
applesafari
3.0.1
applesafari
3.0.2
applesafari
3.0.3
applesafari
3.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://secunia.com/advisories/29924
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28342
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41320
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00402.html
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://secunia.com/advisories/29924
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28342
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41320
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00402.html