cvelistv5 - cve-2013-1012

CVE-2013-1012 (GCVE-0-2013-1012)

Vulnerability from cvelistv5

Published

2013-06-05 10:00

Modified

2024-08-06 14:49

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
product-security@apple.com	http://secunia.com/advisories/54886
product-security@apple.com	http://support.apple.com/kb/HT5785	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT5934
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54886
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5785	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5934

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5785"
          },
          {
            "name": "54886",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54886"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5934"
          },
          {
            "name": "APPLE-SA-2013-06-04-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
          },
          {
            "name": "APPLE-SA-2013-09-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-20T09:00:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5785"
        },
        {
          "name": "54886",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54886"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5934"
        },
        {
          "name": "APPLE-SA-2013-06-04-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
        },
        {
          "name": "APPLE-SA-2013-09-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-1012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT5785",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5785"
            },
            {
              "name": "54886",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54886"
            },
            {
              "name": "http://support.apple.com/kb/HT5934",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5934"
            },
            {
              "name": "APPLE-SA-2013-06-04-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
            },
            {
              "name": "APPLE-SA-2013-09-18-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2013-1012",
    "datePublished": "2013-06-05T10:00:00",
    "dateReserved": "2013-01-10T00:00:00",
    "dateUpdated": "2024-08-06T14:49:20.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-1012\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2013-06-05T14:39:55.583\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad cross-site scripting (XSS) en WebKit en Apple Safari anterior a v6.0.5 permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores que comprenden elementos IFRAME.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.4\",\"matchCriteriaId\":\"EC45BDFA-5562-44D9-8D99-6C454D4042F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BA4B009-6BF2-4174-A05C-77B75C45377C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136A760D-2873-4216-AB60-E3D93DE82BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"076B9C00-EFB0-4284-A617-FAEE341F80FB\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/54886\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT5785\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5934\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/54886\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2013-AVI-536

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple iOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à iOS 7

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5934 du 18 septembre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 iOS 7\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
    },
    {
      "name": "CVE-2013-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2013-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5129"
    },
    {
      "name": "CVE-2013-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
    },
    {
      "name": "CVE-2013-5150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5150"
    },
    {
      "name": "CVE-2013-1045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1045"
    },
    {
      "name": "CVE-2013-1040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1040"
    },
    {
      "name": "CVE-2013-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2848"
    },
    {
      "name": "CVE-2013-1047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1047"
    },
    {
      "name": "CVE-2013-5147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5147"
    },
    {
      "name": "CVE-2013-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
    },
    {
      "name": "CVE-2013-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1012"
    },
    {
      "name": "CVE-2013-3954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
    },
    {
      "name": "CVE-2013-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4616"
    },
    {
      "name": "CVE-2013-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1019"
    },
    {
      "name": "CVE-2013-5140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5140"
    },
    {
      "name": "CVE-2013-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2013-5152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5152"
    },
    {
      "name": "CVE-2013-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
    },
    {
      "name": "CVE-2013-1042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1042"
    },
    {
      "name": "CVE-2013-5154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5154"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2013-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
    },
    {
      "name": "CVE-2013-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
    },
    {
      "name": "CVE-2013-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5134"
    },
    {
      "name": "CVE-2013-0879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
    },
    {
      "name": "CVE-2013-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0926"
    },
    {
      "name": "CVE-2013-5157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5157"
    },
    {
      "name": "CVE-2013-5158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5158"
    },
    {
      "name": "CVE-2013-1043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1043"
    },
    {
      "name": "CVE-2013-1007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
    },
    {
      "name": "CVE-2013-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
    },
    {
      "name": "CVE-2013-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1037"
    },
    {
      "name": "CVE-2011-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
    },
    {
      "name": "CVE-2013-1036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1036"
    },
    {
      "name": "CVE-2013-0957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0957"
    },
    {
      "name": "CVE-2013-5153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5153"
    },
    {
      "name": "CVE-2013-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1025"
    },
    {
      "name": "CVE-2013-1028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1028"
    },
    {
      "name": "CVE-2013-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
    },
    {
      "name": "CVE-2013-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
    },
    {
      "name": "CVE-2013-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5156"
    },
    {
      "name": "CVE-2013-5125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5125"
    },
    {
      "name": "CVE-2013-5159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5159"
    },
    {
      "name": "CVE-2013-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1044"
    },
    {
      "name": "CVE-2013-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
    },
    {
      "name": "CVE-2013-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
    },
    {
      "name": "CVE-2013-5128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5128"
    },
    {
      "name": "CVE-2013-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
    },
    {
      "name": "CVE-2013-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
    },
    {
      "name": "CVE-2013-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2842"
    },
    {
      "name": "CVE-2013-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
    },
    {
      "name": "CVE-2013-5126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5126"
    },
    {
      "name": "CVE-2013-1039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1039"
    },
    {
      "name": "CVE-2013-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
    },
    {
      "name": "CVE-2013-5155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5155"
    },
    {
      "name": "CVE-2013-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
    },
    {
      "name": "CVE-2013-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5131"
    },
    {
      "name": "CVE-2013-3953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3953"
    },
    {
      "name": "CVE-2013-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5141"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
    },
    {
      "name": "CVE-2013-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
    },
    {
      "name": "CVE-2013-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
    },
    {
      "name": "CVE-2013-1038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1038"
    },
    {
      "name": "CVE-2013-5151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5151"
    },
    {
      "name": "CVE-2013-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
    },
    {
      "name": "CVE-2013-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1026"
    },
    {
      "name": "CVE-2013-1046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1046"
    },
    {
      "name": "CVE-2013-3955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3955"
    },
    {
      "name": "CVE-2013-5127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5127"
    },
    {
      "name": "CVE-2012-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
    },
    {
      "name": "CVE-2013-5149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5149"
    },
    {
      "name": "CVE-2013-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2013-1041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1041"
    },
    {
      "name": "CVE-2012-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
    },
    {
      "name": "CVE-2013-5137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5137"
    }
  ],
  "initial_release_date": "2013-09-19T00:00:00",
  "last_revision_date": "2013-09-19T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-536",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5934 du 18 septembre 2013",
      "url": "http://support.apple.com/kb/HT5934"
    }
  ]
}

CERTA-2013-AVI-341

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple Safari. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à Safari 6.0.5

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5785 du 04 juin 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 Safari 6.0.5\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0993"
    },
    {
      "name": "CVE-2013-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1006"
    },
    {
      "name": "CVE-2013-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0998"
    },
    {
      "name": "CVE-2013-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1001"
    },
    {
      "name": "CVE-2013-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1012"
    },
    {
      "name": "CVE-2013-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1005"
    },
    {
      "name": "CVE-2013-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0992"
    },
    {
      "name": "CVE-2013-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0994"
    },
    {
      "name": "CVE-2013-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1010"
    },
    {
      "name": "CVE-2013-0879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0879"
    },
    {
      "name": "CVE-2013-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0926"
    },
    {
      "name": "CVE-2013-1007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1007"
    },
    {
      "name": "CVE-2013-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0995"
    },
    {
      "name": "CVE-2013-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0991"
    },
    {
      "name": "CVE-2013-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1000"
    },
    {
      "name": "CVE-2013-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1008"
    },
    {
      "name": "CVE-2013-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1003"
    },
    {
      "name": "CVE-2013-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1004"
    },
    {
      "name": "CVE-2013-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1002"
    },
    {
      "name": "CVE-2013-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0996"
    },
    {
      "name": "CVE-2013-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0997"
    },
    {
      "name": "CVE-2013-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1009"
    },
    {
      "name": "CVE-2013-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1011"
    },
    {
      "name": "CVE-2013-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0999"
    },
    {
      "name": "CVE-2013-1023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1023"
    },
    {
      "name": "CVE-2013-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1013"
    }
  ],
  "initial_release_date": "2013-06-05T00:00:00",
  "last_revision_date": "2013-06-05T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-341",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple Safari\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5785 du 04 juin 2013",
      "url": "http://support.apple.com/kb/HT5785"
    }
  ]
}

ghsa-65p2-j4g9-gxhr

Vulnerability from github

Published

2022-05-17 05:04

Modified

2022-05-17 05:04

Details

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-1012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-06-05T14:39:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.",
  "id": "GHSA-65p2-j4g9-gxhr",
  "modified": "2022-05-17T05:04:01Z",
  "published": "2022-05-17T05:04:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1012"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/54886"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5785"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201306-0222

Vulnerability from variot

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Note: This issue was previously covered in BID 60330 (Apple Safari Prior to 6.0.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2013-06-04-2 Safari 6.0.5

Safari 6.0.5 is now available and addresses the following:

WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1009 : Apple CVE-2013-1010 : miaubiz CVE-2013-1011 : Google Chrome Security Team (Inferno) CVE-2013-1023 : Google Chrome Security Team (Inferno)

WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook

WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c (xysec.com)

WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3 Impact: Following a maliciously crafted link could lead to unexpected behavior on the target site Description: XSS Auditor may rewrite URLs to prevent cross-site scripting attacks. This may lead to a malicious alteration of the behavior of a form submission. This issue was addressed through improved validation of URLs. CVE-ID CVE-2013-1013 : Sam Power of Pentest Limited

For OS X Lion systems Safari 6.0.5 is available via the Apple Software Update application.

For OS X Mountain Lion systems Safari 6.0.5 is included with OS X v10.8.4.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJRrjeeAAoJEPefwLHPlZEwCm4P/3WseW2DFgYieiAHghpGQ07e /XuNWzqld4CpXyFUQDkw55DU1Y9dVIIl663rSR0VyXJDB5dMh6iHEBRHX4tarGym beZS0cDuakospFtX4MZgcKXu/8cV7b8lq9tzqH0pL419a61Fjhm1eRfDeM3snXkO kNCRi3nqOCmMroUiY+cJlKHi1x/t+2whISSM3QsIgpU5yyjEU3neMy2TPjuxC48h XZr9XaDX5cztv0MWCX+jkv+OpYPxVtPxBVw6rPLaX2eg7iwBM6yDbLF5i/4oY06t HzF2uCk8TlbFdk05Cr7HxmYV2qBei8VkcO1Mc4Ij3v3Q9iiKBRkr+d0CYQ1HSkrY igfCmfDiEpaKZfzCgwRsVFZ/UhuXTDipTFIzKrZSlbsglVyIQJtKVyyWEZDOKcYL kKCAS+ep0UyFIyeCCjFknd2hMneMR7a4u2XGJm1VtfRCA+ed3Cr0ROS+O9viGjYi Qcm+2yzlWg9vpfojv+uX+aqh6IsprhfqXuF4ypM6D98IQ3fJqx9a0tVIPniFaLuP O39M+UGtPLAw7BMiKkb4XyEajKFwJt1pfddWkC1YjKjtyRGf62BDOtY2KqEsyzpF 5nOzM3Vc+3urbur+69oqJLwRwC/PHkh1ym3LjrmqUW7+okckIGCQGt3iUwIWNKhp 2YgKISKdQYxVSfkzkqYY =jk2e -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201306-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (iphone 4 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7   (ipod touch first  5 after generation )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios for developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "64"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "60361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Subodh Iyengar and Erling Ellingsen of Facebook",
    "sources": [
      {
        "db": "BID",
        "id": "60361"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-1012",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-1012",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-61014",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-1012",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-1012",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201306-084",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-61014",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. \nAn attacker may leverage this issue to execute arbitrary script code in an unsuspecting user\u0027s browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nNote: This issue was previously covered in BID 60330 (Apple Safari Prior  to 6.0.5 Multiple Security Vulnerabilities), but has been given its own  record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-06-04-2 Safari 6.0.5\n\nSafari 6.0.5 is now available and addresses the following:\n\nWebKit\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.3\nImpact:  Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-0879 : Atte Kettunen of OUSPG\nCVE-2013-0991 : Jay Civelli of the Chromium development community\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\nCVE-2013-0994 : David German of Google\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\nCVE-2013-0997 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\nCVE-2013-0998 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-0999 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\nCVE-2013-1001 : Ryan Humenick\nCVE-2013-1002 : Sergey Glazunov\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\nCVE-2013-1008 : Sergey Glazunov\nCVE-2013-1009 : Apple\nCVE-2013-1010 : miaubiz\nCVE-2013-1011 : Google Chrome Security Team (Inferno)\nCVE-2013-1023 : Google Chrome Security Team (Inferno)\n\nWebKit\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.3\nImpact:  Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription:  A cross-site scripting issue existed in the handling of\niframes. This issue was addressed through improved origin tracking. \nCVE-ID\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\n\nWebKit\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.3\nImpact:  Copying and pasting a malicious HTML snippet may lead to a\ncross-site scripting attack\nDescription:  A cross-site scripting issue existed in the handling of\ncopied and pasted data in HTML documents. This issue was addressed\nthrough additional validation of pasted content. \nCVE-ID\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\n(xysec.com)\n\nWebKit\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.3\nImpact:  Following a maliciously crafted link could lead to\nunexpected behavior on the target site\nDescription:  XSS Auditor may rewrite URLs to prevent cross-site\nscripting attacks. This may lead to a malicious alteration of the\nbehavior of a form submission. This issue was addressed through\nimproved validation of URLs. \nCVE-ID\nCVE-2013-1013 : Sam Power of Pentest Limited\n\n\nFor OS X Lion systems Safari 6.0.5 is available via\nthe Apple Software Update application. \n\nFor OS X Mountain Lion systems Safari 6.0.5 is included with\nOS X v10.8.4. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJRrjeeAAoJEPefwLHPlZEwCm4P/3WseW2DFgYieiAHghpGQ07e\n/XuNWzqld4CpXyFUQDkw55DU1Y9dVIIl663rSR0VyXJDB5dMh6iHEBRHX4tarGym\nbeZS0cDuakospFtX4MZgcKXu/8cV7b8lq9tzqH0pL419a61Fjhm1eRfDeM3snXkO\nkNCRi3nqOCmMroUiY+cJlKHi1x/t+2whISSM3QsIgpU5yyjEU3neMy2TPjuxC48h\nXZr9XaDX5cztv0MWCX+jkv+OpYPxVtPxBVw6rPLaX2eg7iwBM6yDbLF5i/4oY06t\nHzF2uCk8TlbFdk05Cr7HxmYV2qBei8VkcO1Mc4Ij3v3Q9iiKBRkr+d0CYQ1HSkrY\nigfCmfDiEpaKZfzCgwRsVFZ/UhuXTDipTFIzKrZSlbsglVyIQJtKVyyWEZDOKcYL\nkKCAS+ep0UyFIyeCCjFknd2hMneMR7a4u2XGJm1VtfRCA+ed3Cr0ROS+O9viGjYi\nQcm+2yzlWg9vpfojv+uX+aqh6IsprhfqXuF4ypM6D98IQ3fJqx9a0tVIPniFaLuP\nO39M+UGtPLAw7BMiKkb4XyEajKFwJt1pfddWkC1YjKjtyRGf62BDOtY2KqEsyzpF\n5nOzM3Vc+3urbur+69oqJLwRwC/PHkh1ym3LjrmqUW7+okckIGCQGt3iUwIWNKhp\n2YgKISKdQYxVSfkzkqYY\n=jk2e\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "BID",
        "id": "60361"
      },
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "PACKETSTORM",
        "id": "121925"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-1012",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "54886",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98681940",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2013-06-04-2",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "53711",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "60361",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-61014",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "121925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "BID",
        "id": "60361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "PACKETSTORM",
        "id": "121925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "id": "VAR-201306-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:07:49.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2013-09-18-2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
      },
      {
        "title": "APPLE-SA-2013-06-04-2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
      },
      {
        "title": "HT5934",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5934"
      },
      {
        "title": "HT5785",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5785"
      },
      {
        "title": "HT5934",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP"
      },
      {
        "title": "HT5785",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT5785?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.apple.com/kb/ht5785"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht5934"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/54886"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1012"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu98681940/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1012"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/53711"
      },
      {
        "trust": 0.3,
        "url": "http://www.webkit.org/"
      },
      {
        "trust": 0.3,
        "url": "url: http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0997"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0996"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1000"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1010"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1001"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0992"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1005"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1011"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1002"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0993"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1004"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0991"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0994"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1007"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0926"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0998"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1006"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1023"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "BID",
        "id": "60361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "PACKETSTORM",
        "id": "121925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "db": "BID",
        "id": "60361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "db": "PACKETSTORM",
        "id": "121925"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "date": "2013-06-05T00:00:00",
        "db": "BID",
        "id": "60361"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "date": "2013-06-06T14:44:44",
        "db": "PACKETSTORM",
        "id": "121925"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "date": "2013-06-05T14:39:55.583000",
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-61014"
      },
      {
        "date": "2015-03-19T08:29:00",
        "db": "BID",
        "id": "60361"
      },
      {
        "date": "2013-10-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      },
      {
        "date": "2013-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      },
      {
        "date": "2013-09-27T03:43:30.880000",
        "db": "NVD",
        "id": "CVE-2013-1012"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari Used in products such as  WebKit Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-002891"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201306-084"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2013-1012

Vulnerability from fkie_nvd

Published

2013-06-05 14:39

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
product-security@apple.com	http://secunia.com/advisories/54886
product-security@apple.com	http://support.apple.com/kb/HT5785	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT5934
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54886
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5785	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5934

Impacted products

Vendor	Product	Version
apple	safari	*
apple	safari	6.0
apple	safari	6.0.1
apple	safari	6.0.2
apple	safari	6.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC45BDFA-5562-44D9-8D99-6C454D4042F0",
              "versionEndIncluding": "6.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad cross-site scripting (XSS) en WebKit en Apple Safari anterior a v6.0.5 permite a atacantes remotos inyectar web scripts arbitrarios o HTML mediante vectores que comprenden elementos IFRAME."
    }
  ],
  "id": "CVE-2013-1012",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-05T14:39:55.583",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/54886"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5785"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://support.apple.com/kb/HT5934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5934"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2013-1012

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

Aliases

CVE-2013-1012

Aliases

CVE-2013-1012

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-1012",
    "description": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.",
    "id": "GSD-2013-1012"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-1012"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.",
      "id": "GSD-2013-1012",
      "modified": "2023-12-13T01:22:20.680175Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2013-1012",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://support.apple.com/kb/HT5785",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5785"
          },
          {
            "name": "54886",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/54886"
          },
          {
            "name": "http://support.apple.com/kb/HT5934",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5934"
          },
          {
            "name": "APPLE-SA-2013-06-04-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
          },
          {
            "name": "APPLE-SA-2013-09-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2013-1012"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT5785",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT5785"
            },
            {
              "name": "APPLE-SA-2013-06-04-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5934",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5934"
            },
            {
              "name": "APPLE-SA-2013-09-18-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
            },
            {
              "name": "54886",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/54886"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-09-27T03:43Z",
      "publishedDate": "2013-06-05T14:39Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-1012 (GCVE-0-2013-1012)

Vulnerability from cvelistv5

CERTA-2013-AVI-536

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-341

Vulnerability from certfr_avis

Solution

ghsa-65p2-j4g9-gxhr

Vulnerability from github

var-201306-0222

Vulnerability from variot

fkie_cve-2013-1012

Vulnerability from fkie_nvd

gsd-2013-1012

Vulnerability from gsd

Tags

Sightings

Nomenclature