The host is installed with Apple Safari before 5.1.4 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle a malicious website. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.