CVE Vulnerability

CVE-2008-1006

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html Patch
http://docs.info.apple.com/article.html?artnum=307563
http://www.securitytracker.com/id?1019653
http://www.securityfocus.com/bid/28332
http://www.us-cert.gov/cas/techalerts/TA08-079A.html US Government Resource
http://www.securityfocus.com/bid/28290
http://secunia.com/advisories/29393
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41326
Configurations

Configuration 1

cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*
Information

Published : 2008-03-19 12:44

Updated : 2017-08-08 01:29

NVD link : CVE-2008-1006

Mitre link : CVE-2008-1006

Products Affected
No products.
CWE
CWE-79