CVE-2017-7038
MEDIUMSafari < 10.1.2 - Cross-Site Scripting via DOMParser
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-7038. PoCs published by ansjdnakjdnajkd.
AI-analyzed exploit summary This repository contains a working proof-of-concept for CVE-2017-7038, an XSS vulnerability in Safari's document implementation. The exploit demonstrates multiple methods to trigger the vulnerability using SVG payloads.
Description
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
Exploits (1)
This repository contains a working proof-of-concept for CVE-2017-7038, an XSS vulnerability in Safari's document implementation. The exploit demonstrates multiple methods to trigger the vulnerability using SVG payloads.
References (6)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N