CVE-2009-1724

Apple Safari < 4.0.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gareth Hayes · htmlremotemultiple

https://www.exploit-db.com/exploits/33047

View Code ZIP pw:eip

References (14)

[Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html

[Mailing List] http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

[Patch, Vendor Advisory] http://support.apple.com/kb/HT3666

[Exploit] http://www.securityfocus.com/bid/35441

[Vendor Advisory] http://support.apple.com/kb/HT3860

[Third Party Advisory, VDB Entry] http://osvdb.org/55738

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022525

[Third Party Advisory] http://secunia.com/advisories/35758

[Third Party Advisory] http://secunia.com/advisories/36677

[Third Party Advisory] http://secunia.com/advisories/43068

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1827

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0212

Scores

EPSS 0.0152

EPSS Percentile 81.0%

Classification

CWE

CWE-79

Status published

Affected Products (50)

apple/safari < 4.0.1

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

... and 35 more

Timeline

Published Jul 09, 2009

Tracked Since Feb 18, 2026