header-logo
Suggest Exploit
vendor:
WebKit
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Domain Scripting
16
CWE
Product Name: WebKit
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

WebKit Cross-Domain Scripting Vulnerability

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. An example exploit code is given above.

Mitigation:

Ensure that the same-origin policy is enforced properly and that all user-supplied input is validated before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35441/info

WebKit is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. 

<iframe src="http://www.example.com/safari/safari2.html" onload="this.contentWindow.parent=this.contentWindow.top=alert;"></iframe>