CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-0071, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5275, CVE-2007-6019, CVE-2007-6359, CVE-2007-6388, CVE-2007-6612, CVE-2008-0177, CVE-2008-1027, CVE-2008-1028, CVE-2008-1030, CVE-2008-1031, CVE-2008-1032, CVE-2008-1033, CVE-2008-1034, CVE-2008-1035, CVE-2008-1571, CVE-2008-1572, CVE-2008-1573, CVE-2008-1574, CVE-2008-1575, CVE-2008-1576, CVE-2008-1577, CVE-2008-1578, CVE-2008-1579, CVE-2008-1580, CVE-2008-1654, CVE-2008-1655
Published on 02/06/08 - Updated on 29/09/17
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.