CVE-2008-3622

Name of the Vulnerable Software and Affected Versions Mac OS X versions 10.5 through 10.5.4

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Wiki Server component. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive. The term 'persistent JavaScript injection' refers to the ability of an attacker to inject JavaScript code that is stored on the server and executed whenever a user accesses the affected page.

Recommendations For Mac OS X versions 10.5 through 10.5.4, consider disabling the Wiki Server component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to mailing-list archives to minimize the risk of malicious e-mail messages being processed.