CVE-2009-1724

Description

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

How to fix CVE-2009-1724

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/kde4libs—no fix listed

Is CVE-2009-1724 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (14)

• ADVISORYsecunia.com/advisories/35758
• ADVISORYsecunia.com/advisories/36677
• ADVISORYsecunia.com/advisories/43068
• ADVISORYwww.vupen.com/english/advisories/2009/1827
• ADVISORYwww.vupen.com/english/advisories/2011/0212