CVE-2010-1382
Description
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting (XSS) in Apple Wiki Server for Mac OS X 10.5.8 and 10.6 before 10.6.4 allows remote authenticated users to inject arbitrary script via crafted Wiki content due to a missing charset field.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the Wiki Server component of Apple Mac OS X versions 10.5.8 and 10.6 before 10.6.4 [1]. The issue stems from the lack of a charset field when processing Wiki content, allowing injectable script to be interpreted incorrectly by the browser.
Exploitation
A remote attacker must be an authenticated user of the Wiki Server. The attacker can then craft malicious Wiki content containing arbitrary web script or HTML, which, when viewed by other users, will execute in the context of the affected site.
Impact
Successful exploitation allows the attacker to inject arbitrary web script or HTML into the Wiki page, leading to potential information disclosure, session hijacking, or other client-side attacks within the affected application's security context [1].
Mitigation
Apple addressed the issue in Security Update 2010-004 / Mac OS X v10.6.4, released in June 2010 [1]. Users should update to Mac OS X v10.6.4 or later, or apply the security update for version 10.5.8. No workaround is documented in the referenced source.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
- Range: 10.5.8 and 10.6 before 10.6.4
Patches
No patches discovered yet.
References
- support.apple.com/kb/HT4188 (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/40871 (nvd: Patch)
- lists.apple.com/archives/security-announce/2010//Jun/msg00001.html (nvd: Vendor Advisory)
- secunia.com/advisories/40220 (nvd: Vendor Advisory)
- www.vupen.com/english/advisories/2010/1481 (nvd: Vendor Advisory)
- securitytracker.com/id (nvd)