2.6
CVE-2011-3218
- EPSS 0.66%
- Published 14.10.2011 10:55:08
- Last modified 11.04.2025 00:51:21
- Source product-security@apple.com
- Teams watchlist Login
- Open Login
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
Data is provided by the National Vulnerability Database (NVD)
Apple ≫ macOS X Server Version <= 10.6.8
Apple ≫ macOS X Server Version10.0
Apple ≫ macOS X Server Version10.0.0
Apple ≫ macOS X Server Version10.0.1
Apple ≫ macOS X Server Version10.0.2
Apple ≫ macOS X Server Version10.0.3
Apple ≫ macOS X Server Version10.0.4
Apple ≫ macOS X Server Version10.1
Apple ≫ macOS X Server Version10.1.0
Apple ≫ macOS X Server Version10.1.1
Apple ≫ macOS X Server Version10.1.2
Apple ≫ macOS X Server Version10.1.3
Apple ≫ macOS X Server Version10.1.4
Apple ≫ macOS X Server Version10.1.5
Apple ≫ macOS X Server Version10.2
Apple ≫ macOS X Server Version10.2.0
Apple ≫ macOS X Server Version10.2.1
Apple ≫ macOS X Server Version10.2.2
Apple ≫ macOS X Server Version10.2.3
Apple ≫ macOS X Server Version10.2.4
Apple ≫ macOS X Server Version10.2.5
Apple ≫ macOS X Server Version10.2.6
Apple ≫ macOS X Server Version10.2.7
Apple ≫ macOS X Server Version10.2.8
Apple ≫ macOS X Server Version10.3
Apple ≫ macOS X Server Version10.3.0
Apple ≫ macOS X Server Version10.3.1
Apple ≫ macOS X Server Version10.3.2
Apple ≫ macOS X Server Version10.3.3
Apple ≫ macOS X Server Version10.3.4
Apple ≫ macOS X Server Version10.3.5
Apple ≫ macOS X Server Version10.3.6
Apple ≫ macOS X Server Version10.3.7
Apple ≫ macOS X Server Version10.3.8
Apple ≫ macOS X Server Version10.3.9
Apple ≫ macOS X Server Version10.4
Apple ≫ macOS X Server Version10.4.0
Apple ≫ macOS X Server Version10.4.1
Apple ≫ macOS X Server Version10.4.2
Apple ≫ macOS X Server Version10.4.3
Apple ≫ macOS X Server Version10.4.4
Apple ≫ macOS X Server Version10.4.5
Apple ≫ macOS X Server Version10.4.6
Apple ≫ macOS X Server Version10.4.7
Apple ≫ macOS X Server Version10.4.8
Apple ≫ macOS X Server Version10.4.9
Apple ≫ macOS X Server Version10.4.10
Apple ≫ macOS X Server Version10.4.11
Apple ≫ macOS X Server Version10.5
Apple ≫ macOS X Server Version10.5.0
Apple ≫ macOS X Server Version10.5.1
Apple ≫ macOS X Server Version10.5.2
Apple ≫ macOS X Server Version10.5.3
Apple ≫ macOS X Server Version10.5.4
Apple ≫ macOS X Server Version10.5.5
Apple ≫ macOS X Server Version10.5.6
Apple ≫ macOS X Server Version10.5.7
Apple ≫ macOS X Server Version10.5.8
Apple ≫ macOS X Server Version10.6.0
Apple ≫ macOS X Server Version10.6.1
Apple ≫ macOS X Server Version10.6.2
Apple ≫ macOS X Server Version10.6.3
Apple ≫ macOS X Server Version10.6.4
Apple ≫ macOS X Server Version10.6.5
Apple ≫ macOS X Server Version10.6.6
Apple ≫ macOS X Server Version10.6.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.687 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.