CVE-2021-1825

CWE-79 — Cross-site Scripting (XSS)CWE-20 — Improper Input Validation11 documents8 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS AND Ipados Apple Itunes FOR Windows +8 more

Timeline

PublishedSep 8

Latest updateMay 24

Description

An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages17 packages

▶CVEListV5apple/icloud_for_windowsunspecified — 12.3

▶CVEListV5apple/itunes_for_windowsunspecified — 12.11

▶CVEListV5apple/tvosunspecified — 14.5

▶NVDapple/tvos< 14.5

▶CVEListV5apple/macosunspecified — 11.3

🔴Vulnerability Details

GHSA

GHSA-7gx9-m7c6-98gf: An input validation issue was addressed with improved input validation↗2022-05-24

▶

OSV

CVE-2021-1825: An input validation issue was addressed with improved input validation↗2021-09-08

▶

CVEList

CVE-2021-1825: An input validation issue was addressed with improved input validation↗2021-09-08

▶

💥Exploits & PoCs

Exploit-DB

MyBB 1.8.25 - Poll Vote Count SQL Injection↗2021-03-23

▶

Exploit-DB

MyBB 1.8.25 - Chained Remote Command Execution↗2021-03-22

▶

📋Vendor Advisories

Red Hat

webkitgtk: Input validation issue leading to cross site scripting attack↗2021-07-28

▶

Apple

CVE-2021-1825: iOS 14.5 and iPadOS 14.5↗2021-04-26

▶

Apple

CVE-2021-1825: macOS Big Sur 11.3↗2021-04-26

▶

Debian

CVE-2021-1825: webkit2gtk - An input validation issue was addressed with improved input validation. This iss...↗2021

▶