CVE-2013-1012

Apple Safari <6.0.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

References (5)

[Mailing List] http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html

[Vendor Advisory] http://support.apple.com/kb/HT5785

[Vendor Advisory] http://support.apple.com/kb/HT5934

[Third Party Advisory] http://secunia.com/advisories/54886

Scores

EPSS 0.0032

EPSS Percentile 54.7%

Details

CWE

CWE-79

Status published

Products (6)

apple/safari < 6.0.4

apple/safari

n/a/n/a

Published Jun 05, 2013

Tracked Since Feb 18, 2026