VYPR
Medium severity6.1NVD Advisory· Published Jul 22, 2016· Updated Jun 17, 2026

CVE-2016-4651

CVE-2016-4651

Description

Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Apple Inc./Safari2 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=9.1.1
    • (no CPE)range: <9.1.2
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=9.3.2
  • Apple Inc./iOSllm-fuzzy
    Range: <9.3.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.