CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2008-1011
https://notcve.org/view.php?id=CVE-2008-1011
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit, como se usa en Apple Safari antes de 3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un marco que llama a una instancia de un método en otro marco. • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1001
https://notcve.org/view.php?id=CVE-2008-1001
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari anterior a 3.1, ejecutado sobre Windows XP o Vista, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de una URL manipulada que no está correctamente ... • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1003
https://notcve.org/view.php?id=CVE-2008-1003
19 Mar 2008 — Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través de vectores desconocidos en relación a s... • http://docs.info.apple.com/article.html?artnum=307563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 5%CPEs: 6EXPL: 3CVE-2008-0298 – Apple Safari 2.0.4 - KHTML WebKit Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0298
16 Jan 2008 — KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. KHTML WebKit como el utilizado en Apple Safari 2.x permite a atacantes remotos provocar una denegación de servicio (caída del navegador) mediante una página web manipulada, posiblemente implicando un atributo STYLE en una elemento DIV. • https://www.exploit-db.com/exploits/31021 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6592
https://notcve.org/view.php?id=CVE-2007-6592
28 Dec 2007 — Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Apple Safari 2, cuando un usuario acepta un certificado de servidor SSL basándose en el nombre de dominio CN del campo DN, considera el certificado como aceptado también para todos ... • http://nils.toedtmann.net/pub/subjectAltName.txt •
CVSS: 6.5EPSS: 1%CPEs: 26EXPL: 0CVE-2007-4692
https://notcve.org/view.php?id=CVE-2007-4692
15 Nov 2007 — The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. La funcionalidad de navegación de pestañas en Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10... • http://docs.info.apple.com/article.html?artnum=307041 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4698
https://notcve.org/view.php?id=CVE-2007-4698
15 Nov 2007 — Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos conducir ataques de tipo cross-site scripting (XSS) causando que los eventos de JavaScript sean asociados con la trama incorrecta. • http://docs.info.apple.com/article.html?artnum=307041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 9%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
27 Sep 2007 — Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, pe... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 6%CPEs: 16EXPL: 0CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
27 Sep 2007 — Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript pa... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 16EXPL: 0CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
27 Sep 2007 — Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario ... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •