7.1

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiCloud SwPlatformwindows Version < 7.21
AppleiCloud SwPlatformwindows Version >= 11.0 < 11.4
AppleSafari Version < 14.0
AppleiPadOS Version < 14.0
AppleiPhone OS Version < 14.0
AppletvOS Version < 14.0
ApplewatchOS Version < 7.0
WebkitWebkitgtk+ Version <= 2.30.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.48% 0.705
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 2.8 3.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://seclists.org/fulldisclosure/2020/Nov/20
Third Party Advisory
Mailing List
https://support.apple.com/HT211850
Vendor Advisory
http://seclists.org/fulldisclosure/2020/Nov/19
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2020/Nov/22
Third Party Advisory
Mailing List
https://support.apple.com/HT211844
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2020/Nov/18
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/11/23/3
Mailing List
https://security.gentoo.org/glsa/202012-10
Third Party Advisory
https://support.apple.com/HT211845
Vendor Advisory
Release Notes
https://support.apple.com/HT211843
Vendor Advisory
Release Notes
https://support.apple.com/HT211846
Vendor Advisory
Release Notes
https://support.apple.com/HT211847
Vendor Advisory
Release Notes