CVE-2020-9952

EPSS 0.42%
Published 16.10.2020 17:15:17
Last modified 21.11.2024 05:41:35
Source product-security@apple.com
Teams watchlist Login
Open Login

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

Affected products Warnungen 0 Metrics 3 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iCloud SwPlatformwindows Version < 7.21

Apple ≫ iCloud SwPlatformwindows Version >= 11.0 < 11.4

Apple ≫ Safari Version < 14.0

Apple ≫ iPadOS Version < 14.0

Apple ≫ iPhone OS Version < 14.0

Apple ≫ tvOS Version < 14.0

Apple ≫ watchOS Version < 7.0

Webkit ≫ Webkitgtk+ Version <= 2.30.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.612

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	2.8	3.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://seclists.org/fulldisclosure/2020/Nov/20

Third Party Advisory

Mailing List

https://support.apple.com/HT211850

Vendor Advisory

http://seclists.org/fulldisclosure/2020/Nov/19

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/22

Third Party Advisory

Mailing List

https://support.apple.com/HT211844