← voltar
CVE-2007-0478

CVE-2007-0478

EPSS 1.6%
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://docs.info.apple.com/article.html?artnum=306172http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://osvdb.org/32712http://secunia.com/advisories/23893http://secunia.com/advisories/26235http://securitytracker.com/id?1018494https://exchange.xforce.ibmcloud.com/vulnerabilities/31846http://www.beanfuzz.com/wordpress/?p=99http://www.securityfocus.com/archive/1/457763/100/0/threadedhttp://www.securityfocus.com/bid/25159http://www.vupen.com/english/advisories/2007/2732