WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
References
Configurations
Configuration 1 (hide)
AND |
|
History
09 Aug 2022, 13:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:apple:iphone:1.1.2:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:1.0.2:*:*:*:*:*:*:* cpe:2.3:h:apple:iphone:1.0.1:*:*:*:*:*:*:* |
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:* |
Information
Published : 2007-12-19 21:46
Updated : 2024-02-04 17:13
NVD link : CVE-2007-5858
Mitre link : CVE-2007-5858
CVE.ORG link : CVE-2007-5858
JSON object : View
Products Affected
apple
- iphone_os
- safari
- mac_os_x
- ipod_touch
- iphone
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')