CVE-2021-30890 — Cross-site Scripting in Apple IOS AND Ipados

CWE-79 — Cross-site Scripting10 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 58.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +10 more

Timeline

PublishedAug 24

Latest updateJan 6

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages14 packages

▶Appleapple/macos_monterey12.0.1

▶NVDapple/tvos< 15.1

▶CVEListV5apple/macosunspecified — 12.0+2

▶NVDapple/macos< 12.0.1

▶NVDapple/ipados< 15.1

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

OSV

CVE-2021-30890: A logic issue was addressed with improved state management↗2021-08-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2022-01-06

▶

Red Hat

webkitgtk: Logic issue leading to universal cross-site scripting↗2021-12-20

▶

Apple

CVE-2021-30890: Safari 15.1↗2021-10-27

▶

Apple

CVE-2021-30890: macOS Monterey 12.0.1↗2021-10-25

▶

Apple

CVE-2021-30890: watchOS 8.1↗2021-10-25

▶