CVE-2018-4133 — Cross-site Scripting in Apple Safari

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 33.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari Webkitgtk Debian Webkit2gtk +1 more

Timeline

PublishedApr 3

Latest updateMay 14

Description

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDapple/safari< 11.1

▶Appleapple/safari11.1

▶debiandebian/webkit2gtk< webkit2gtk 2.20.0-2 (bookworm)

▶NVDwebkitgtk/webkitgtk< 2.20.4

Also affects: Ubuntu Linux 16.04, 17.10

🔴Vulnerability Details

GHSA

GHSA-8r9c-gc7v-2v7w: An issue was discovered in certain Apple products↗2022-05-14

▶

OSV

CVE-2018-4133: An issue was discovered in certain Apple products↗2018-04-03

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2018-04-30

▶

Apple

CVE-2018-4133: Safari 11.1↗2018-03-29

▶

Debian

CVE-2018-4133: webkit2gtk - An issue was discovered in certain Apple products. Safari before 11.1 is affecte...↗2018

▶