CVE-2008-1006

Apple Safari - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

References (9)

Scores

EPSS 0.0084
EPSS Percentile 74.5%

Classification

CWE
CWE-79
Status draft

Affected Products (16)

apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
... and 1 more

Timeline

Published Mar 19, 2008
Tracked Since Feb 18, 2026