CVE-2019-8762

Published Oct 27, 2020

Last updated 6 months ago

CVSS medium 6.1

Overview

Description: A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD51BEFE-B28D-412A-996D-ADA104E4EC17",
            "versionEndExcluding": "7.14"
          },
          {
            "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AB3D55F-1566-4705-98C9-6D56F8F156F0",
            "versionEndExcluding": "10.7",
            "versionStartIncluding": "10.0"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "397F21E9-3B36-49AE-92E3-B5B1FC7773D1",
            "versionEndExcluding": "12.10.1"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE",
            "versionEndExcluding": "13.0.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FCDB4B4-9FB3-46C2-A440-C60FEF372880",
            "versionEndExcluding": "13.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74FC47CB-6F80-4521-BE54-47B5630FF496",
            "versionEndExcluding": "13.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6FCD7CE-EC26-4952-A34D-2221AA4F223B",
            "versionEndExcluding": "13"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References