CVE-2016-4618 — Cross-site Scripting in Apple Iphone OS

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 33.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple IOS Apple Safari

Timeline

PublishedSep 25

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶Appleapple/safari10

▶NVDapple/safari9.1.3

▶NVDapple/iphone_os9.3.5

▶Appleapple/ios10

🔴Vulnerability Details

GHSA

GHSA-69v6-gr9w-75g2: Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2016-4618: Safari 10↗2016-09-20

▶

Apple

CVE-2016-4618: iOS 10↗2016-09-13

▶