Filtered by vendor Apple Subscriptions
Filtered by product Webcore Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-2410 1 Apple 3 Mac Os X, Mac Os X Server, Webcore 2024-11-21 N/A
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2007-2409 1 Apple 3 Mac Os X, Mac Os X Server, Webcore 2024-11-21 N/A
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window.
CVE-2007-0478 1 Apple 3 Mac Os X, Safari, Webcore 2024-11-21 N/A
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.