Search for vulnerabilities
| Vulnerability ID | VCID-drbr-gaeu-aaaa |
| Aliases |
CVE-2009-1684
|
| Summary | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 3.9 |
| Risk | 7.8 |
| Affected and Fixed Packages | Package Details |
| Data source | Exploit-DB |
|---|---|
| Date added | May 8, 2009 |
| Description | WebKit - JavaScript 'onload()' Event Cross Domain Scripting |
| Ransomware campaign use | Known |
| Source publication date | May 8, 2009 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | April 26, 2014 |
| Source URL | https://www.securityfocus.com/bid/35315/info |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Percentile | 0.66742 |
| EPSS Score | 0.01245 |
| Published At | March 29, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| There are no relevant records. | ||||