CVE-2019-6228Cross-site Scripting in Apple Safari

CWE-79Cross-site Scripting5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 45.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOSApple SafariApple Iphone OS
Timeline
PublishedMar 5
Latest updateMay 14

Description

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

CVEListV5apple/safariunspecifiedSafari 12.0.3
NVDapple/safari< 12.0.3
CVEListV5apple/iosunspecifiediOS 12.1.3
NVDapple/iphone_os< 12.1.3

🔴Vulnerability Details

2
GHSA
GHSA-px8f-q952-776q: A cross-site scripting issue existed in Safari2022-05-14
CVEList
CVE-2019-6228: A cross-site scripting issue existed in Safari2019-03-05

📋Vendor Advisories

2
Apple
CVE-2019-6228: Safari 12.0.32019-01-22
Apple
CVE-2019-6228: iOS 12.1.32019-01-22
CVE-2019-6228 — Cross-site Scripting in Apple Safari | cvebase