medium
4.3
CWE
79
Advisory Published
CVE Published
Updated

CVE-2008-1036: XSS

First published: Wed May 28 2008(Updated: )

Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2008-1036">CVE-2008-1036</a> to the following vulnerability: International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. References: <a href="http://lists.apple.com/archives/security-announce/2008//May/msg00001.html">http://lists.apple.com/archives/security-announce/2008//May/msg00001.html</a> Proposed patch (icu part): <a href="http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&amp;noquickjump=1&amp;changeset=on">http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&amp;noquickjump=1&amp;changeset=on</a> Proposed patch (icu4j part): <a href="http://bugs.icu-project.org/trac/search?q=%22ticket:6198:%22&amp;noquickjump=1&amp;changeset=on">http://bugs.icu-project.org/trac/search?q=%22ticket:6198:%22&amp;noquickjump=1&amp;changeset=on</a>

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Apple macOS Server=10.5.2
Apple macOS Server=10.4.11
Apple iOS and macOS=10.5.1
Apple macOS Server=10.5.1
Red Hat Enterprise Linux=5
Apple iOS and macOS=10.5
Apple iOS and macOS=10.5.2
Apple iOS and macOS=10.4.11
Apple macOS Server=10.5

Remedy

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

Remedy

http://www.us-cert.gov/cas/techalerts/TA08-150A.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2008-1036?

    CVE-2008-1036 is considered a moderate severity vulnerability as it affects character encoding and can lead to potential security issues in affected systems.

  • How do I fix CVE-2008-1036?

    To fix CVE-2008-1036, update your Apple Mac OS X or Red Hat Enterprise Linux system to the latest version that addresses this vulnerability.

  • Which versions are affected by CVE-2008-1036?

    CVE-2008-1036 affects Apple Mac OS X versions 10.4.11, 10.5.1, and 10.5.2 as well as Red Hat Enterprise Linux version 5.

  • What are the potential impacts of CVE-2008-1036?

    The potential impacts of CVE-2008-1036 include incorrect data handling which could lead to denial of service or security bypass.

  • Is CVE-2008-1036 exploitable remotely?

    CVE-2008-1036 can potentially be exploited remotely if an application processes untrusted data using the affected ICU version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203