CVE-2011-3426

Published: Oct 14, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.

Affected (29)

Products: Apple: Iphone Os

1 product

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 3.0
Apple Iphone Os	Version 3.1.2
Apple Iphone Os	Version 3.1.3
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.2.1
Apple Iphone Os	Version 3.2.1
Apple Iphone Os	Version 3.2.2
Apple Iphone Os	Version 3.2
Apple Iphone Os	Version 3.2
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.2
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.1
Apple Iphone Os	Version 4.2.1
Apple Iphone Os	Version 4.2.5
Apple Iphone Os	Version 4.2.8
Apple Iphone Os	Version 4.3.0
Apple Iphone Os	Version 4.3.1
Apple Iphone Os	Version 4.3.2
Apple Iphone Os	Version 4.3.3
Apple Iphone Os	Version 4.3.5
Apple Iphone Os	Version 4.3.5
Apple Iphone Os	Version 4.3.5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

http://jvn.jp/en/jp/JVN41657660/index.html

Source: product-security@apple.com

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088

Source: product-security@apple.com

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

Source: product-security@apple.com

http://osvdb.org/76334

Source: product-security@apple.com

http://seclists.org/fulldisclosure/2014/Jul/158

Source: product-security@apple.com

http://support.apple.com/kb/HT4999

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT5400

Source: product-security@apple.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/70558

Source: product-security@apple.com

http://jvn.jp/en/jp/JVN41657660/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://jvndb.jvn.jp/jvndb/JVNDB-2011-000088

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/76334

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2014/Jul/158

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4999

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT5400

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/70558

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.