CVE-2008-1003 - OpenCVE

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari:0.8:::::::*
	cpe:2.3:a:apple:safari:0.9:::::::*
	cpe:2.3:a:apple:safari:1.0:::::::*
	cpe:2.3:a:apple:safari:1.1:::::::*
	cpe:2.3:a:apple:safari:1.2:::::::*
	cpe:2.3:a:apple:safari:1.3:::::::*
	cpe:2.3:a:apple:safari:1.3.1:::::::*
	cpe:2.3:a:apple:safari:1.3.2:::::::*
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:2.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0:::::::*
	cpe:2.3:a:apple:safari:3.0.1:::::::*
	cpe:2.3:a:apple:safari:3.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.3:::::::*
	cpe:2.3:a:apple:safari:3.0.4:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28330
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41334

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-19T00:00:00

Updated: 2024-08-07T08:08:56.298Z

Reserved: 2008-02-26T00:00:00

Link: CVE-2008-1003

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-19T00:44:00.000

Modified: 2017-08-08T01:29:48.760

Link: CVE-2008-1003

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1019653", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019653"}, {"name": "TA08-079A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "28330", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28330"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"name": "28290", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28290"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"name": "safari-documentdomain-security-bypass(41334)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}, {"name": "ADV-2008-0920", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"name": "29393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29393"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1019653", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019653"}, {"name": "TA08-079A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "28330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28330"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"name": "28290", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28290"}, {"name": "http://docs.info.apple.com/article.html?artnum=307563", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"name": "safari-documentdomain-security-bypass(41334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}, {"name": "ADV-2008-0920", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"name": "29393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29393"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:56.298Z"}, "title": "CVE Program Container", "references": [{"name": "1019653", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019653"}, {"name": "TA08-079A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "28330", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28330"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"name": "28290", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28290"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"name": "safari-documentdomain-security-bypass(41334)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}, {"name": "ADV-2008-0920", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"name": "29393", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29393"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1003", "datePublished": "2008-03-19T00:00:00", "dateReserved": "2008-02-26T00:00:00", "dateUpdated": "2024-08-07T08:08:56.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09F4ADD0-449B-4DDD-9878-DE86CBD56756", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elecci\u00f3n a trav\u00e9s de vectores desconocidos en relaci\u00f3n a sitios que han establecido la propiedad document.domain o que tienen el mismo document.domain."}], "id": "CVE-2008-1003", "lastModified": "2017-08-08T01:29:48.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-19T00:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29393"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28290"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28330"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019653"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}