CVE-2012-3695

Apple Safari < 5.1.7 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property.

References (5)

Scores

EPSS 0.0040
EPSS Percentile 60.1%

Classification

CWE
CWE-79
Status published

Affected Products (50)

apple/safari < 5.1.7
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
apple/safari
... and 35 more

Timeline

Published Jul 25, 2012
Tracked Since Feb 18, 2026