CVE-2012-0676

Apple Safari < 5.1.7 - Form Field Injection via State Tracking Issue

Title source: llm
STIX 2.1

Description

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/81787
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027053
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5282
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75474
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47292

Scores

EPSS 0.0208
EPSS Percentile 79.4%

Details

CWE
CWE-20
Status published
Products (35)
apple/safari 1.0 (3 CPE variants)
apple/safari 1.0.0
apple/safari 1.0.0b1
apple/safari 1.0.0b2
apple/safari 1.0.1
apple/safari 1.0.2
apple/safari 1.0.3 (3 CPE variants)
apple/safari 1.0b1
apple/safari 1.1
apple/safari 1.1.0
... and 25 more
Published May 11, 2012
Tracked Since Feb 18, 2026