What is the severity of CVE-2008-1006?

CVE-2008-1006 is considered a moderate severity vulnerability due to its potential to allow cross-site scripting attacks.

How do I fix CVE-2008-1006?

To fix CVE-2008-1006, users should update their Apple Safari browser to a version that is not affected by this vulnerability.

Which versions of Safari are affected by CVE-2008-1006?

CVE-2008-1006 affects various versions of Apple Safari, specifically those prior to version 3.1.

What type of attack does CVE-2008-1006 enable?

CVE-2008-1006 enables attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts into web pages.

Who are the attackers that can exploit CVE-2008-1006?

Remote attackers can exploit CVE-2008-1006 by using it to modify the security context of a web page.

Vulnerability/
CVE-2008-1006

medium

4.3

CWE

19/3/2008

7/8/2024

CVE-2008-1006: XSS

First published: Wed Mar 19 2008(Updated: )

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple Mobile Safari	=1.3.2
Apple Mobile Safari	=3.0.4
Apple Mobile Safari	=2.0.2
Apple Mobile Safari	=3.0.1
Apple Mobile Safari	=3.0.2
Apple Mobile Safari	=1.0
Apple Mobile Safari	=1.3
Apple Mobile Safari	=3.0.3
Apple Mobile Safari	=2.0
Apple Mobile Safari	=0.8
Apple Mobile Safari	=2.0.4
Apple Mobile Safari	=1.1
Apple Mobile Safari	=1.3.1
Apple Mobile Safari	=1.2
Apple Mobile Safari	=3.0
Apple Mobile Safari	=0.9

Remedy

http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-1006?
CVE-2008-1006 is considered a moderate severity vulnerability due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2008-1006?
To fix CVE-2008-1006, users should update their Apple Safari browser to a version that is not affected by this vulnerability.
Which versions of Safari are affected by CVE-2008-1006?
CVE-2008-1006 affects various versions of Apple Safari, specifically those prior to version 3.1.
What type of attack does CVE-2008-1006 enable?
CVE-2008-1006 enables attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts into web pages.
Who are the attackers that can exploit CVE-2008-1006?
Remote attackers can exploit CVE-2008-1006 by using it to modify the security context of a web page.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/remedy
agent/author
agent/last-modified-date
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/apple
canonical/apple mobile safari
version/apple mobile safari/1.3.2
version/apple mobile safari/3.0.4
version/apple mobile safari/2.0.2
version/apple mobile safari/3.0.1
version/apple mobile safari/3.0.2
version/apple mobile safari/1.0
version/apple mobile safari/1.3
version/apple mobile safari/3.0.3
version/apple mobile safari/2.0
version/apple mobile safari/0.8
version/apple mobile safari/2.0.4
version/apple mobile safari/1.1
version/apple mobile safari/1.3.1
version/apple mobile safari/1.2
version/apple mobile safari/3.0
version/apple mobile safari/0.9