CVE-2019-8813 — Cross-site Scripting in Apple Icloud FOR Windows

CWE-79 — Cross-site Scripting12 documents8 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 41.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedDec 18

Latest updateMay 24

Description

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages12 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 11.0

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.2

▶CVEListV5apple/tvosunspecified — tvOS 13.2

▶NVDapple/tvos< 13.2

▶CVEListV5apple/safariunspecified — Safari 13.0.3

🔴Vulnerability Details

GHSA

GHSA-36c3-vq66-wvcg: A logic issue was addressed with improved state management↗2022-05-24

▶

CVEList

CVE-2019-8813: A logic issue was addressed with improved state management↗2019-12-18

▶

OSV

CVE-2019-8813: A logic issue was addressed with improved state management↗2019-12-18

▶

📋Vendor Advisories

Red Hat

webkitgtk: Incorrect state management leading to universal cross-site scripting↗2019-11-08

▶

Apple

CVE-2019-8813: iCloud for Windows 10.8↗2019-10-30

▶

Apple

CVE-2019-8813: iTunes 12.10.2 for Windows↗2019-10-30

▶

Apple

CVE-2019-8813: Safari 13.0.3↗2019-10-28

▶

Apple

CVE-2019-8813: tvOS 13.2↗2019-10-28

▶

💬Community

Bugzilla

CVE-2019-8813 webkitgtk: Incorrect state management leading to universal cross-site scripting↗2020-09-07

▶