Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."Referenceshttp://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlhttp://www.vupen.com/english/advisories/2010/1481http://www.securityfocus.com/bid/40871http://securitytracker.com/id?1024103http://support.apple.com/kb/HT4188http://secunia.com/advisories/40220
