cbcvebase.
CVE-2019-8658
published 2019-12-18

CVE-2019-8658: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected

25 ranges
VendorProductVersion rangeFixed in
appleicloud< 7.137.13
appleicloud>= 10.0 < 10.610.6
appleicloud_for_windows
appleicloud_for_windows
appleicloud_for_windows>= unspecified < iCloud for Windows 7.13iCloud for Windows 7.13
appleicloud_for_windows>= unspecified < iCloud for Windows 10.6iCloud for Windows 10.6
appleios
appleios>= unspecified < iOS 12.4iOS 12.4
appleiphone_os< 12.412.4
appleitunes< 12.9.612.9.6
appleitunes_12.9.6_for_windows
appleitunes_for_windows>= unspecified < iTunes for Windows 12.9.6iTunes for Windows 12.9.6
applemac_os_x< 10.14.610.14.6
applemacos>= unspecified < macOS Mojave 10.14.6macOS Mojave 10.14.6
applemacos_mojave_10.14.6_security_update_2019-004_high_sierra_security_update_2019-0
applesafari< 12.1.212.1.2
applesafari
applesafari>= unspecified < Safari 12.1.2Safari 12.1.2
appletvos< 12.412.4
appletvos
appletvos>= unspecified < tvOS 12.4tvOS 12.4
applewatchos< 5.35.3
applewatchos
applewatchos>= unspecified < watchOS 5.3watchOS 5.3
debianwebkit2gtk< webkit2gtk 2.24.4-1 (bookworm)webkit2gtk 2.24.4-1 (bookworm)

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM