CVE-2013-5227

high

Description

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.

References

http://www.securityfocus.com/bid/64355

http://support.apple.com/kb/HT6441

http://support.apple.com/kb/HT6162

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

http://archives.neohapsis.com/archives/bugtraq/2013-12/0087.html

http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html

Details

Source: Mitre, NVD

Published: 2013-12-18

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00283

Detections

Analytics