CVE-2019-8762

6.1MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
TV OS
Safari
Itunes For Windows
Vendor
CVE Published:
27 October 2020

Summary

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected Version(s)

iCloud for Windows < 10.7

iCloud for Windows < 7.14

iOS and iPadOS < 13.1

References

https://support.apple.com/en-us/HT210604
x_refsource_MISC
https://support.apple.com/en-us/HT210603
x_refsource_MISC
https://support.apple.com/en-us/HT210635
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.