← Back

CVE-2020-3867

nvd nist
Published: Feb 27, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected (9)

Apple
6 products
Icloud
Ipados
Iphone Os
Itunes
Safari
Tvos
Opensuse
1 product
Leap
Webkitgtk
1 product
Webkitgtk
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Icloud
Before 7.17
Icloud
From 10.0 to 10.8
Ipados
Before 13.3.1
Iphone Os
Before 13.3.1
Itunes
Before 12.10.4
Safari
Before 13.0.5
Tvos
Before 13.3.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 15.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Webkitgtk
Before 2.26.4

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: product-security@apple.com
Mailing ListPatchThird Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.