CVE-2019-6229 — Cross-site Scripting in Apple Icloud FOR Windows

CWE-79 — Cross-site Scripting10 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +5 more

Timeline

PublishedMar 5

Latest updateMay 14

Description

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages10 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 7.10

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes 12.9.3 for Windows

▶CVEListV5apple/tvosunspecified — tvOS 12.1.2

▶NVDapple/tvos< 12.1.2

▶CVEListV5apple/safariunspecified — Safari 12.0.3

🔴Vulnerability Details

GHSA

GHSA-phg3-r8vw-5qjw: A logic issue was addressed with improved validation↗2022-05-14

▶

CVEList

CVE-2019-6229: A logic issue was addressed with improved validation↗2019-03-05

▶

OSV

CVE-2019-6229: A logic issue was addressed with improved validation↗2019-03-05

▶

📋Vendor Advisories

Apple

CVE-2019-6229: iTunes 12.9.3 for Windows↗2019-01-24

▶

Apple

CVE-2019-6229: tvOS 12.1.2↗2019-01-22

▶

Apple

CVE-2019-6229: iOS 12.1.3↗2019-01-22

▶

Apple

CVE-2019-6229: iCloud for Windows 7.10↗2019-01-22

▶

Apple

CVE-2019-6229: Safari 12.0.3↗2019-01-22

▶