Apple Safari Error Page Cross-Site Scripting Vulnerability

Apple Safari Error Page Cross-Site Scripting Vulnerability

Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.