CVE-2020-10012Cross-site Scripting in Apple Macos

CWE-79Cross-site Scripting5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.9%
top 24.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedDec 8
Latest updateMay 24

Description

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

CVEListV5apple/macosunspecified11.0
NVDapple/macos< 11.0.1
NVDapple/mac_os_x10.1410.14.6+3

🔴Vulnerability Details

2
GHSA
GHSA-52pf-qm7m-948q: An access issue was addressed with improved access restrictions2022-05-24
CVEList
CVE-2020-10012: An access issue was addressed with improved access restrictions2020-12-08

🕵️Threat Intelligence

2
Unit42
Unit 42 Discovers 15 New Vulnerabilities Across Microsoft, Adobe and Apple Products2021-03-19
Unit42
Unit 42 Discovers 15 New Vulnerabilities Across Microsoft, Adobe and Apple Products2021-03-19
CVE-2020-10012 — Cross-site Scripting in Apple Macos | cvebase