CVE-2016-4651
- Source
- https://cve.org/CVERecord?id=CVE-2016-4651
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4651.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-4651
- Downstream
- Published
- 2016-07-22T03:00:09.137Z
- Modified
- 2026-03-14T14:15:35.611906Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
- References
-
- http://www.securitytracker.com/id/1036343
- http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
- http://www.securityfocus.com/archive/1/539295/100/0/threaded
- http://www.securityfocus.com/bid/91835
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html