CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4698
https://notcve.org/view.php?id=CVE-2007-4698
Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. Apple Safari versiones 3 anteriores a Beta Update 3.0.4 sobre Windows, y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos conducir ataques de tipo cross-site scripting (XSS) causando que los eventos de JavaScript sean asociados con la trama incorrecta. • http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2007/Nov/msg00003.html http://osvdb.org/40663 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018948 http://www.securityfocus.com/bid/26444 http://www.securityfocus.com/bid/26446 http://www.us-cert.gov/cas/techalerts/TA07-319A.html http://www.vupen.com/english/advisories/2007/3868& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2007-3760
https://notcve.org/view.php?id=CVE-2007-3760
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. Una vulnerabilidad de tipo cross-site scripting (XSS) en Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de etiquetas de trama. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25850 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2007-4671
https://notcve.org/view.php?id=CVE-2007-4671
Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. Una vulnerabilidad no especificada de Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos "alter or access" al contenido HTTPS por medio de una sesión HTTP con una página web diseñada que causa que Javascript sea aplicado a páginas HTTPS del mismo dominio. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25852 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 16EXPL: 0CVE-2007-3758
https://notcve.org/view.php?id=CVE-2007-3758
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Safari en Apple iPhone versión 1.1.1 y Safari versión 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript para las páginas web que están en un dominio diferente, el cual puede ser aprovechado para conducir ataques de tipo cross-site scripting (XSS). • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25857 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 0CVE-2007-3756
https://notcve.org/view.php?id=CVE-2007-3756
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. Safari en Apple iPhone versiones anteriores a 1.1.1 y Safari versión 3 anterior a Beta Update 3.0.4 en Windows y Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos obtener información confidencial por medio de una página web diseñada que identifica la URL de la ventana principal, incluso cuando la ventana principal está en un dominio diferente. • http://docs.info.apple.com/article.html?artnum=306586 http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html http://secunia.com/advisories/26983 http://secunia.com/advisories/27643 http://securitytracker.com/id?1018752 http://www.securityfocus.com/bid/25859 http://www.securityfocus.com/bid/26444 http://www.us-cert.gov/cas/techalerts/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •