Unrated severityNVD Advisory· Published Oct 14, 2011· Updated Apr 29, 2026

CVE-2011-3243

Description

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebKit in iOS before 5 and Safari before 5.1.1 does not sanitize inactive DOM windows, allowing XSS.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1. The flaw arises from improper sanitization of inactive DOM windows, allowing injected script or HTML to execute in the context of the affected application. This affects iOS versions prior to 5 on devices such as iPhone 3GS, iPhone 4, iPod touch (3rd generation and later), and iPad, as well as Safari versions before 5.1.1 on Mac OS X and Windows. [1]

Exploitation

An attacker can exploit this vulnerability by convincing a user to visit a malicious website that contains crafted vectors targeting inactive DOM windows. No authentication or privileged network position is required beyond the ability to deliver web content to the victim's browser. The attack is triggered when the browser processes the malicious content, leading to script execution. [1]

Impact

Successful exploitation allows a remote attacker to inject arbitrary web script or HTML into the context of the victim's browser session. This can lead to information disclosure, session hijacking, or other actions that the compromised application permits, potentially exposing sensitive user data. [1]

Mitigation

The vulnerability is addressed in Apple iOS 5 and Safari 5.1.1. Users should update to these versions or later via iTunes for iOS devices or the Software Update mechanism for Safari on desktop. No workarounds are provided by the vendor; updating is the only recommended mitigation. [1]

References

About the security content of iOS 5 Software Update - Apple Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

128

Apple Inc./Safari97 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 96 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0b1:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.0:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.1:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.0:-:mac:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.1b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.1.2b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.0b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.1b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:3.2.2b:-:windows:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apple:safari:5.0.6:*:*:*:*:*:*:*
- (no CPE)range: <5.1.1
Apple Inc./Iphone Os29 versions
cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*+ 28 more
- cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*
Apple Inc./Webkitllm-fuzzy
Apple Inc./iOSllm-fuzzy
Range: <5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/Security-announce/2011//Oct/msg00001.htmlnvdVendor Advisory
lists.apple.com/archives/Security-announce/2011//Oct/msg00004.htmlnvdVendor Advisory
support.apple.com/kb/HT4999nvdVendor Advisory
support.apple.com/kb/HT5000nvdVendor Advisory
osvdb.org/76353nvd
www.securityfocus.com/bid/50088nvd
exchange.xforce.ibmcloud.com/vulnerabilities/70564nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000