Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-7089Cross-site Scripting in Apple Icloud

CWE-79Cross-site Scripting11 documents9 sources
Severity
6.1MEDIUMNVD
EPSS
4.5%
top 10.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Apple IcloudApple Iphone OSApple Itunes+2 more
Timeline
PublishedOct 23
Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

NVDapple/icloud6.9.1
NVDapple/safari10.1.2
NVDapple/tvos10.2.2
NVDapple/itunes12.6.2
NVDapple/iphone_os10.3.3

🔴Vulnerability Details

3
GHSA
GHSA-xrp9-v7m5-2gw6: An issue was discovered in certain Apple products2022-05-14
CVEList
CVE-2017-7089: An issue was discovered in certain Apple products2017-10-23
OSV
CVE-2017-7089: An issue was discovered in certain Apple products2017-10-23

💥Exploits & PoCs

1
Exploit-DB
Webkit (Safari) - Universal Cross-site Scripting2017-10-03

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Apple Safari UXSS (CVE-2017-7089)2017-11-15

📋Vendor Advisories

5
Ubuntu
WebKitGTK+ vulnerabilities2017-10-23
Apple
CVE-2017-7089: iCloud for Windows 7.02017-09-25
Apple
CVE-2017-7089: Safari 112017-09-19
Apple
CVE-2017-7089: iOS 112017-09-19
Debian
CVE-2017-7089: webkit2gtk - An issue was discovered in certain Apple products. iOS before 11 is affected. Sa...2017
CVE-2017-7089 — Cross-site Scripting in Apple Icloud | cvebase