Cross-Site Scripting Flaw in Safari and iOS Products by Apple
CVE-2019-8762

6.1MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
TV OS
Safari
Itunes For Windows
Vendor
CVE Published:
27 October 2020

Summary

A validation flaw exists in Apple's Safari web browser and several iOS products, which may allow attackers to craft malicious web content. If exploited, this vulnerability could lead to universal cross-site scripting attacks, enabling unauthorized access and manipulation of user data. Apple has addressed this issue in the latest versions of their products, and users are urged to update to the most recent software versions to mitigate risks associated with this vulnerability.

Affected Version(s)

iCloud for Windows < 10.7

iCloud for Windows < 7.14

iOS and iPadOS < 13.1

References

https://support.apple.com/en-us/HT210604
x_refsource_MISC
https://support.apple.com/en-us/HT210603
x_refsource_MISC
https://support.apple.com/en-us/HT210635
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.