CVE-2021-1826 — Cross-site Scripting in Apple IOS AND Ipados

CWE-79 — Cross-site Scripting CWE-20 — Improper Input Validation CWE-590 — Free of Memory not on the Heap8 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 27.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +7 more

Timeline

PublishedSep 8

Latest updateMay 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages13 packages

▶CVEListV5apple/tvosunspecified — 14.5

▶NVDapple/tvos< 14.5

▶CVEListV5apple/macosunspecified — 11.3

▶NVDapple/macos11.0 — 11.3

▶NVDapple/ipados< 14.5

🔴Vulnerability Details

GHSA

GHSA-868x-c2ph-qm3r: A logic issue was addressed with improved restrictions↗2022-05-24

▶

OSV

CVE-2021-1826: A logic issue was addressed with improved restrictions↗2021-09-08

▶

📋Vendor Advisories

Red Hat

webkitgtk: Logic issue leading to universal cross site scripting attack↗2021-07-28

▶

Apple

CVE-2021-1826: iOS 14.5 and iPadOS 14.5↗2021-04-26

▶

Apple

CVE-2021-1826: macOS Big Sur 11.3↗2021-04-26

▶

Debian

CVE-2021-1826: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m...↗2021

▶