CVE-2021-30744Cross-site Scripting in Apple IOS AND Ipados

CWE-79Cross-site ScriptingCWE-20Improper Input Validation11 documents8 sources
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 30.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOS AND IpadosApple MacosApple Ipados+4 more
Timeline
PublishedSep 8
Latest updateMay 24

Description

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages8 packages

NVDapple/tvos< 14.6
CVEListV5apple/macosunspecified11.4+3
NVDapple/macos11.0.111.4
NVDapple/ipados< 14.6
NVDapple/safari< 14.1.1

🔴Vulnerability Details

3
GHSA
GHSA-6gqw-9w99-v9gq: Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins2022-05-24
CVEList
CVE-2021-30744: Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins2021-09-08
OSV
CVE-2021-30744: Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins2021-09-08

📋Vendor Advisories

7
Ubuntu
WebKitGTK vulnerabilities2021-07-28
Red Hat
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack2021-07-28
Apple
CVE-2021-30744: tvOS 14.62021-05-24
Apple
CVE-2021-30744: macOS Big Sur 11.42021-05-24
Apple
CVE-2021-30744: watchOS 7.52021-05-24
CVE-2021-30744 — Cross-site Scripting in Apple | cvebase