CVE Database · CVE-2010-1407
CVSS v3.1
N/A
EPSS
2.60%
Published
Jun 22, 2010
Modified
Apr 28, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
Weaknesses (CWE)
Affected Products (22)
References (20)
