Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote malicious users to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x server 10.4.11 |
||
apple mac os x server 10.5.2 |
||
apple mac os x 10.4.11 |
||
apple mac os x 10.5.2 |