CVE-2020-9805 — Cross-site Scripting in Apple Icloud FOR Windows

CWE-79 — Cross-site Scripting CWE-841 — Improper Enforcement of Behavioral Workflow8 documents8 sources

Severity

7.1HIGHNVD

EPSS

0.9%

top 24.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedJun 9

Latest updateMay 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages13 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 11.2+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes 12.10.7 for Windows

▶NVDapple/icloud11.0 — 11.2+1

▶CVEListV5apple/tvosunspecified — tvOS 13.4.5

▶NVDapple/tvos< 13.4.5

🔴Vulnerability Details

GHSA

GHSA-8v3h-22p7-j9pw: A logic issue was addressed with improved restrictions↗2022-05-24

▶

OSV

CVE-2020-9805: A logic issue was addressed with improved restrictions↗2020-06-09

▶

CVEList

CVE-2020-9805: A logic issue was addressed with improved restrictions↗2020-06-09

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2020-07-14

▶

Red Hat

webkitgtk: Logic issue may lead to cross site scripting↗2020-07-10

▶

Debian

CVE-2020-9805: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in i...↗2020

▶

💬Community

Bugzilla

CVE-2020-9805 webkitgtk: Logic issue may lead to cross site scripting↗2020-09-16

▶