CVE-2013-1013

Apple Safari < 6.0.5 - Cross-Site Scripting via XSS Auditor URL Rewrite Bypass

Title source: llm
STIX 2.1

Description

XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5785
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html

Scores

EPSS 0.0139
EPSS Percentile 69.1%

Details

CWE
CWE-20
Status published
Products (5)
apple/safari 6.0
apple/safari 6.0.1
apple/safari 6.0.2
apple/safari 6.0.3
apple/safari < 6.0.4
Published Jun 05, 2013
Tracked Since Feb 18, 2026