The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2011-10-14 03:55
Updated : 2012-01-13 19:55
NVD link : CVE-2011-3218
Mitre link : CVE-2011-3218
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apple
- mac_os_x
- mac_os_x_server