CVE-2017-7038

MEDIUM

Safari < 10.1.2 - Cross-Site Scripting via DOMParser

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7038. PoCs published by ansjdnakjdnajkd.

AI-analyzed exploit summary This repository contains a working proof-of-concept for CVE-2017-7038, an XSS vulnerability in Safari's document implementation. The exploit demonstrates multiple methods to trigger the vulnerability using SVG payloads.

Description

A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

Exploits (1)

nomisec WORKING POC 3 stars
by ansjdnakjdnajkd · poc
https://github.com/ansjdnakjdnajkd/CVE-2017-7038

This repository contains a working proof-of-concept for CVE-2017-7038, an XSS vulnerability in Safari's document implementation. The exploit demonstrates multiple methods to trigger the vulnerability using SVG payloads.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Safari (versions affected by CVE-2017-7038)
No auth needed
Prerequisites: A vulnerable version of Safari · Ability to execute JavaScript in the context of the target browser
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207924
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99888
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207921
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207923
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201710-14
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038950

Scores

CVSS v3 6.1
EPSS 0.0291
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (4)
apple/iphone_os < 10.3.3
apple/safari < 10.1.2
apple/tvos < 10.2.2
apple/webkit
Published Jul 20, 2017
Tracked Since Feb 18, 2026