CVE-2007-5858

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*
cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Information

Published : 2007-12-19 13:46

Updated : 2022-08-09 06:46


NVD link : CVE-2007-5858

Mitre link : CVE-2007-5858


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

apple

  • ipod_touch
  • safari
  • iphone
  • mac_os_x
  • iphone_os