CVE-2010-1395

Apple Safari <5.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."

References (21)

... and 1 more

Scores

EPSS 0.0117
EPSS Percentile 78.4%

Classification

CWE
CWE-79
Status published

Affected Products (9)

apple/safari < 4.0.5
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/webkit
n/a/n/a

Timeline

Published Jun 11, 2010
Tracked Since Feb 18, 2026