Lucene search

MitreCVE-2007-2391

HistoryJun 14, 2007 - 6:30 p.m.

CVE-2007-2391

2007-06-1418:30:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-2391

cross-site scripting

xss

apple safari

windows

remote attack

web script

html

settimeout

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

Affected configurations

Nvd

Node

applesafariMatch3.0.1windows

VendorProductVersionCPE
applesafari3.0.1cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	3.0.1	cpe:2.3:a:apple:safari:3.0.1::windows:::::

References

lists.apple.com/archives/security-announce/2007/Jun/msg00000.html

osvdb.org/36605

securitytracker.com/id?1018238

www.securityfocus.com/archive/1/471255/100/0/threaded

www.securityfocus.com/archive/1/471266/100/0/threaded

www.securityfocus.com/bid/24457

www.vupen.com/english/advisories/2007/2192

exchange.xforce.ibmcloud.com/vulnerabilities/34847

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.004

Percentile

73.9%

JSON

Related for CVE-2007-2391