Cross-Site Scripting (XSS) Vulnerability in WebKit Web Inspector in Apple Safari

CVE-2011-0169 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

Learn more about our Cis Benchmark Audit For Safari Browser.