Logic Issue in iOS and macOS Products Leading to Cross Site Scripting
CVE-2019-8658

6.1MEDIUM

Key Information:

Vendor

Apple
Status
iOS
Mac OS
TV OS
Watch OS
Vendor
CVE Published:
18 December 2019

What is CVE-2019-8658?

A logic issue found in certain Apple products could allow for maliciously crafted web content to lead to universal cross site scripting exploits. This vulnerability was addressed with enhanced state management, mitigating the risk of attackers leveraging this flaw. Users are encouraged to update their software to the latest versions to protect against potential threats associated with this vulnerability.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Microsoft Store) < unspecified

iOS < unspecified

References

https://support.apple.com/HT210353
x_refsource_MISC
https://support.apple.com/HT210346
x_refsource_MISC
https://support.apple.com/HT210348
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.