CVE-2019-8762

CWE-79Cross-site Scripting (XSS)9 documents4 sources
Severity
6.1MEDIUM
EPSS
0.7%
top 27.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apple Icloud FOR WindowsApple IOS AND IpadosApple Itunes FOR Windows+6 more
Timeline
PublishedOct 27
Latest updateMay 24

Description

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages11 packages

CVEListV5apple/icloud_for_windowsunspecified10.7+1
CVEListV5apple/itunes_for_windowsunspecified12.10
NVDapple/icloud10.010.7+1
CVEListV5apple/tvosunspecified13
NVDapple/tvos< 13

🔴Vulnerability Details

2
GHSA
GHSA-3fh9-4r73-52mw: A validation issue was addressed with improved logic2022-05-24
CVEList
CVE-2019-8762: A validation issue was addressed with improved logic2020-10-27

📋Vendor Advisories

6
Apple
CVE-2019-8762: iCloud for Windows 7.142019-10-07
Apple
CVE-2019-8762: iTunes 12.10.1 for Windows2019-10-07
Apple
CVE-2019-8762: iCloud for Windows 10.72019-10-07
Apple
CVE-2019-8762: iOS 13.1 and iPadOS 13.12019-09-24
Apple
CVE-2019-8762: Safari 13.0.12019-09-24
CVE-2019-8762 (MEDIUM CVSS 6.1) | A validation issue was addressed wi | cvebase.io