Computer Security


Apple Safari / Konqueror SCRIPT tag filtering bypass
Published: 24.01.2007
Source:
SecurityVulns ID: 7091
Type: client
Threat Level: 3/10
Description: The browser follows <script> tags within an HTML comment, which violates the HTML standard.
Affected: KDE : KDE 3.5
 APPLE : MacOS X 10.4
 KDE : Konqueror 3.5
CVE: CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.)
 CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.)
Original document: Jose Avila III, Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability (24.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod