CVE-2007-3482

Published: Jun 28, 2007Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.

Affected (1)

Products: Apple: Safari

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Safari	All versions

Running on/with	Platform Versions
Microsoft Windows Nt	Version 3.0.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://osvdb.org/38860

Source: cve@mitre.org

http://www.0x000000.com/?i=371

Source: cve@mitre.org

http://www.securityfocus.com/bid/24700

Source: cve@mitre.org

http://osvdb.org/38860

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.0x000000.com/?i=371

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24700

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.