CVE-2020-9952

7.1HIGH

Key Information:

Vendor: Apple
Status: iOS; TV OS; Watch OS; Safari
Vendor: CVE Published:; 16 October 2020

Summary

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211850

x_refsource_MISC

https://support.apple.com/HT211844

x_refsource_MISC

https://support.apple.com/HT211845

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2020
Vulnerability Reserved
Mar 2, 2020

.