CVE-2009-0162 — MEDIUM (4.3)

Q: How severe is CVE-2009-0162?

CVE-2009-0162 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0162?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	10.5.0
Apple	Mac Os X Server	10.5.0
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions
Apple	Safari	<= 3.2.2

Related Weaknesses (CWE)

CWE-79

References

http://lists.apple.com/archives/security-announce/2009/May/msg00000.htmlPatchVendor Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00001.htmlPatchVendor Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlPatchVendor Advisory
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549PatchVendor Advisory
http://support.apple.com/kb/HT3550
http://www.securityfocus.com/bid/34925
http://www.securitytracker.com/id?1022206
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlUS Government Resource
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
https://exchange.xforce.ibmcloud.com/vulnerabilities/50476
http://lists.apple.com/archives/security-announce/2009/May/msg00000.htmlPatchVendor Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00001.htmlPatchVendor Advisory

FAQ

What is CVE-2009-0162?

CVE-2009-0162 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via ...

How severe is CVE-2009-0162?

CVE-2009-0162 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0162?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.