CVE-2012-0678

Apple Safari <6.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL.

References (2)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

[Vendor Advisory] http://support.apple.com/kb/HT5400

Scores

EPSS 0.0025

EPSS Percentile 47.8%

Classification

CWE

CWE-79

Status published

Affected Products (50)

apple/safari < 5.1.7

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

apple/safari

... and 35 more

Timeline

Published Jul 25, 2012

Tracked Since Feb 18, 2026