Vulnerabilities > Apple > Safari > 3.0

DATE	CVE	VULNERABILITY TITLE	RISK
2008-03-19	CVE-2008-1006	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. network apple CWE-79	4.3
2008-03-19	CVE-2008-1005	Information Exposure vulnerability in Apple Safari WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. local low complexity apple CWE-200	2.1
2008-03-19	CVE-2008-1004	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. network apple CWE-79	4.3
2008-03-19	CVE-2008-1003	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. network apple CWE-79	4.3
2008-03-19	CVE-2008-1002	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. network apple CWE-79	4.3
2008-03-19	CVE-2008-1001	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. network microsoft apple CWE-79	4.3
2007-11-15	CVE-2007-4698	Cross-Site Scripting vulnerability in Apple Safari Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. network apple CWE-79	4.3
2007-11-15	CVE-2007-4692	Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. network apple microsoft CWE-287	4.3
2007-09-27	CVE-2007-4671	Improper Input Validation vulnerability in Apple Safari Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. network apple CWE-20	6.8
2007-09-27	CVE-2007-3760	Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. network apple CWE-79	4.3