VYPR
Unrated severityNVD Advisory· Published May 8, 2015· Updated Jun 17, 2026

CVE-2015-1156

CVE-2015-1156

Description

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • Apple Inc./Safari21 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=6.2.5
    • cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*
    • (no CPE)range: <6.2.6, <7.1.6, <8.0.6
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=8.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.