header-logo
Suggest Exploit
vendor:
WebCore
by:
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: WebCore
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:apple:webcore
Metasploit:
Other Scripts:
Platforms Tested:

Apple WebCore Cross-Site Scripting Vulnerability

Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may exploit this issue by enticing victims into visiting a malicious website. The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by Apple. Additionally, users should exercise caution when visiting unfamiliar websites and avoid clicking on suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24598/info

Apple WebCore is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may exploit this issue by enticing victims into visiting a malicious website.

The attacker may leverage this issue to execute arbitrary script code in an application using the affected framework (typically Safari). This may help the attacker steal cookie-based authentication credentials and launch other attacks. 

xmlhttp.setRequestHeader('Foo', 'baa\nHost: test\n');

The above request is treated as valid and results in:

GET / HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en
Foo: baa
Host: test

Navigation

Suggest Exploit

Services By CQR