CVE-2008-1003 - OpenCVE

Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari:0.8:::::::*
	cpe:2.3:a:apple:safari:0.9:::::::*
	cpe:2.3:a:apple:safari:1.0:::::::*
	cpe:2.3:a:apple:safari:1.1:::::::*
	cpe:2.3:a:apple:safari:1.2:::::::*
	cpe:2.3:a:apple:safari:1.3:::::::*
	cpe:2.3:a:apple:safari:1.3.1:::::::*
	cpe:2.3:a:apple:safari:1.3.2:::::::*
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:2.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0:::::::*
	cpe:2.3:a:apple:safari:3.0.1:::::::*
	cpe:2.3:a:apple:safari:3.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.3:::::::*
	cpe:2.3:a:apple:safari:3.0.4:::::::*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307563
http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html	Patch
http://secunia.com/advisories/29393
http://www.securityfocus.com/bid/28290
http://www.securityfocus.com/bid/28330
http://www.securitytracker.com/id?1019653
http://www.us-cert.gov/cas/techalerts/TA08-079A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0920/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41334

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-19T00:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-26T00:00:00

Link: CVE-2008-1003

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-19T00:44:00.000

Modified: 2017-08-08T01:29:48.760

Link: CVE-2008-1003

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1019653", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019653"}, {"name": "TA08-079A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "28330", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28330"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"name": "28290", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28290"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"name": "safari-documentdomain-security-bypass(41334)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}, {"name": "ADV-2008-0920", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"name": "29393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29393"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1019653", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019653"}, {"name": "TA08-079A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"name": "28330", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28330"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"name": "28290", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28290"}, {"name": "http://docs.info.apple.com/article.html?artnum=307563", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"name": "safari-documentdomain-security-bypass(41334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}, {"name": "ADV-2008-0920", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"name": "29393", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29393"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1003", "datePublished": "2008-03-19T00:00:00", "dateReserved": "2008-02-26T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "09F4ADD0-449B-4DDD-9878-DE86CBD56756", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebCore, usado en Apple Safari anterior a 3.1, permite a atacantes remotos inyectar secuencias de comandos web o html de su elecci\u00f3n a trav\u00e9s de vectores desconocidos en relaci\u00f3n a sitios que han establecido la propiedad document.domain o que tienen el mismo document.domain."}], "id": "CVE-2008-1003", "lastModified": "2017-08-08T01:29:48.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-03-19T00:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307563"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29393"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28290"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28330"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019653"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0920/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41334"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}