CVE-2007-0478
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
25/01/2007
Last modified:
09/04/2025
Description
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apple:webcore:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://osvdb.org/32712
- http://secunia.com/advisories/23893
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1018494=
- http://www.beanfuzz.com/wordpress/?p=99
- http://www.securityfocus.com/archive/1/457763/100/0/threaded
- http://www.securityfocus.com/bid/25159
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31846
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://osvdb.org/32712
- http://secunia.com/advisories/23893
- http://secunia.com/advisories/26235
- http://securitytracker.com/id?1018494=
- http://www.beanfuzz.com/wordpress/?p=99
- http://www.securityfocus.com/archive/1/457763/100/0/threaded
- http://www.securityfocus.com/bid/25159
- http://www.vupen.com/english/advisories/2007/2732
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31846