CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1006
https://notcve.org/view.php?id=CVE-2008-1006
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webcore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elección empleando la función windows.open para cambiar el contexto de seguridad de una página web. • http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28332 http://www.securitytracker.com/id?1019653 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2008-1002
https://notcve.org/view.php?id=CVE-2008-1002
Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Apple Safari antes de 3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un javascript: URL manipulado. • http://docs.info.apple.com/article.html?artnum=307563 http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html http://secunia.com/advisories/29393 http://www.kb.cert.org/vuls/id/766019 http://www.securityfocus.com/bid/28290 http://www.securityfocus.com/bid/28328 http://www.securitytracker.com/id?1019653 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0920/references https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 4%CPEs: 6EXPL: 3CVE-2008-0298 – Apple Safari 2.0.4 - KHTML WebKit Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0298
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. KHTML WebKit como el utilizado en Apple Safari 2.x permite a atacantes remotos provocar una denegación de servicio (caída del navegador) mediante una página web manipulada, posiblemente implicando un atributo STYLE en una elemento DIV. • https://www.exploit-db.com/exploits/31021 http://securityreason.com/securityalert/3549 http://www.s21sec.com/avisos/s21sec-039-en.txt http://www.securityfocus.com/archive/1/486202/100/0/threaded http://www.securityfocus.com/bid/27261 https://exchange.xforce.ibmcloud.com/vulnerabilities/39635 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6592
https://notcve.org/view.php?id=CVE-2007-6592
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Apple Safari 2, cuando un usuario acepta un certificado de servidor SSL basándose en el nombre de dominio CN del campo DN, considera el certificado como aceptado también para todos los nombres de dominios en los campos subjectAltName:dNSName, lo cual facilita a los atacantes remotos engañar al usuario para que acepte un certificado inválido para un sitio web falso. • http://nils.toedtmann.net/pub/subjectAltName.txt http://securityreason.com/securityalert/3498 http://www.securityfocus.com/archive/1/483929/100/100/threaded http://www.securityfocus.com/archive/1/483937/100/100/threaded •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4698
https://notcve.org/view.php?id=CVE-2007-4698
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos conducir ataques de tipo cross-site scripting (XSS) causando que los eventos de JavaScript sean asociados con la trama incorrecta. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40663 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26446 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •