CVE-2019-8503

Published: Dec 18, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website.

Affected (5)

Products: Apple: Icloud, Iphone Os, Itunes, Safari, Tvos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Icloud	Before 7.11
Apple Iphone Os	Before 12.2
Apple Itunes	Before 12.9.4
Apple Safari	Before 12.1
Apple Tvos	Before 12.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.