WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
Max CVSS
2.6
EPSS Score
0.29%
Published
2011-03-11
Updated
2017-08-17
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
Max CVSS
2.6
EPSS Score
0.36%
Published
2010-07-30
Updated
2017-09-19
2 vulnerabilities found