CVE-2010-1418 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-1418 Interim 1 5 2023-12-09T01:58:17Z current 2021-05-30T12:51:18Z 2023-12-09T01:58:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-1418 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KILI6WO4HD4UVXOVYK2U6VA77TI7DFZT/#KILI6WO4HD4UVXOVYK2U6VA77TI7DFZT E-Mail link for SUSE-SR:2010:015 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C2VK7FPKD3ZEG555N25GLTFTZJJB237A/#C2VK7FPKD3ZEG555N25GLTFTZJJB237A E-Mail link for SUSE-SR:2011:002 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces. CVE-2010-1418 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N