CVE-2019-8764 — Cross-site Scripting in Apple Watchos

CWE-79 — Cross-site Scripting13 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 59.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Watchos Webkitgtk Debian Webkit2gtk +5 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages10 packages

▶CVEListV5apple/watchosunspecified — watchOS 6.1

▶NVDapple/watchos< 6.1

▶Appleapple/watchos6.1

▶debiandebian/webkit2gtk< webkit2gtk 2.26.0-1 (bookworm)

▶NVDwebkitgtk/webkitgtk< 2.26.4

🔴Vulnerability Details

GHSA

GHSA-8g88-79gg-9jfg: A logic issue was addressed with improved state management↗2022-05-24

▶

OSV

CVE-2019-8764: A logic issue was addressed with improved state management↗2019-12-18

▶

📋Vendor Advisories

Red Hat

webkitgtk: Incorrect state management leading to universal cross-site scripting↗2019-11-08

▶

Apple

CVE-2019-8764: watchOS 6.1↗2019-10-29

▶

Apple

CVE-2019-8764: iCloud for Windows 7.14↗2019-10-07

▶

Apple

CVE-2019-8764: iCloud for Windows 10.7↗2019-10-07

▶

Apple

CVE-2019-8764: iTunes 12.10.1 for Windows↗2019-10-07

▶

💬Community

Bugzilla

CVE-2019-8764 webkitgtk: Incorrect state management leading to universal cross-site scripting↗2020-09-07

▶