6.1

CVE-2019-8658

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiCloud SwPlatformwindows Version < 7.13
AppleiCloud SwPlatformwindows Version >= 10.0 < 10.6
AppleiTunes SwPlatformwindows Version < 12.9.6
AppleSafari Version < 12.1.2
AppleiPhone OS Version < 12.4
ApplemacOS X Version < 10.14.6
AppletvOS Version < 12.4
ApplewatchOS Version < 5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.24% 0.656
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://support.apple.com/HT210346
Vendor Advisory
https://support.apple.com/HT210348
Vendor Advisory
https://support.apple.com/HT210351
Vendor Advisory
https://support.apple.com/HT210353
Vendor Advisory
https://support.apple.com/HT210355
Vendor Advisory
https://support.apple.com/HT210356
Vendor Advisory
https://support.apple.com/HT210357
Vendor Advisory
https://support.apple.com/HT210358
Vendor Advisory