Input Validation Issue in Apple Safari and related products
CVE-2020-9843

7.1HIGH

Key Information:

Vendor
Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
9 June 2020

Summary

A vulnerability exists in Apple Safari and various related products stemming from improper input validation. This flaw can allow maliciously crafted web content to be processed, potentially leading to cross-site scripting (XSS) attacks. The issue has been addressed in recent updates for multiple Apple platforms, enhancing security through improved validation techniques.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211171
x_refsource_MISC
https://support.apple.com/HT211175
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.