CVE-2021-30890
published 2021-08-24


Priority: P4 · 29 · medium
CVSS 3.1: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
EPSS: 1.31% (67.1th percentile)

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected

20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.1_and_ipados | | |
| apple | ios_and_ipados | >= unspecified < 15.1 | 15.1 |
| apple | ipados | < 15.1 | 15.1 |
| apple | iphone_os | < 15.1 | 15.1 |
| apple | macos | < 12.0.1 | 12.0.1 |
| apple | macos | >= unspecified < 12.0 | 12.0 |
| apple | macos | >= unspecified < 8.1 | 8.1 |
| apple | macos | >= unspecified < 15.1 | 15.1 |
| apple | macos_monterey | | |
| apple | safari | | |
| apple | tvos | < 15.1 | 15.1 |
| apple | tvos | | |
| apple | watchos | < 8.1 | 8.1 |
| apple | watchos | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | webkit2gtk | < webkit2gtk 2.34.3-1 (bookworm) | webkit2gtk 2.34.3-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.34.3-1 (bookworm) | webkit2gtk 2.34.3-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |

CVSS provenance

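| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |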