Safari Browser Cross-Site Scripting Risk: Malicious Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.1

Safari Browser Cross-Site Scripting Risk: Malicious Code Execution

CVE-2025-13902

Summary

An attacker could inject malicious code into a web page that would run when you hover over it, potentially taking control of your browser. This could happen on a website you trust, which is why it's essential to take action to protect yourself. Update your browser and be cautious when interacting with unfamiliar websites to minimize the risk.

Original title

Original description

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.

nvd CVSS4.0 5.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-069-02&p_enDoc...

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026