Vulnerability Database

321,592

Total vulnerabilities in the database

CVE-2015-3729

Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.

Published: Aug 16, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-3729
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
apple / safari	6.0	6.2.8
apple / safari	7.0	7.1.8
apple / safari	8.0	8.0.8

http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
http://www.securityfocus.com/bid/76342
http://www.securitytracker.com/id/1033274
https://support.apple.com/kb/HT205030
https://support.apple.com/kb/HT205033

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo