The host is installed with Google Chrome before 13.0.782.107 or Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to enforce proper security restrictions. Successful exploitation allows attackers to bypass same origin policy and conduct script injection attacks.