Cross-Site Scripting Vulnerability in Apple Products
CVE-2020-9805

7.1HIGH

Key Information:

Vendor
Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
9 June 2020

Summary

A logic issue in various Apple software products could allow processing of maliciously crafted web content, which may lead to universal cross-site scripting. This vulnerability affects multiple versions of iOS, iPadOS, tvOS, watchOS, Safari, and iTunes for Windows. Apple has addressed the issue with improved restrictions to enhance security. Users are advised to update their devices to the latest versions to mitigate risks associated with this vulnerability.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211171
x_refsource_MISC
https://support.apple.com/HT211175
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.