CVE-2012-0676
Apple Safari < 5.1.7 - Form Field Injection via State Tracking Issue
Title source: llmDescription
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81787
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027053
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5282
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75474
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47292
Scores
EPSS
0.0208
EPSS Percentile
79.4%
Details
CWE
CWE-20
Status
published
Products (35)
apple/safari
1.0 (3 CPE variants)
apple/safari
1.0.0
apple/safari
1.0.0b1
apple/safari
1.0.0b2
apple/safari
1.0.1
apple/safari
1.0.2
apple/safari
1.0.3 (3 CPE variants)
apple/safari
1.0b1
apple/safari
1.1
apple/safari
1.1.0
... and 25 more
Published
May 11, 2012
Tracked Since
Feb 18, 2026