CVE-2018-4309: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12…

medium6.1CVSS 3.0

AVNACLPRNUIRSCCLILAN

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
apple	icloud	< 7.7	7.7
apple	icloud_for_windows	—	—
apple	ios	—	—
apple	iphone_os	< 12.0	12.0
apple	itunes	< 12.9	12.9
apple	itunes_12.9_for_windows	—	—
apple	safari	< 12	12
apple	safari	—	—
apple	tvos	< 12	12
apple	tvos	—	—
debian	webkit2gtk	< webkit2gtk 2.22.0-2 (bookworm)	webkit2gtk 2.22.0-2 (bookworm)

CVSS provenance

nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

osv6.1MEDIUM