CVE-2024-54540Cross-site Scripting in Apple Music

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 48.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MusicApple Music
Timeline
PublishedJan 15

Description

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDapple/music< 1.5.0.152
CVEListV5apple/apple_music< 1.5.0

🔴Vulnerability Details

2
CVEList
CVE-2024-54540: The issue was addressed with improved input sanitization2025-01-15
GHSA
GHSA-jw5g-j894-hv7p: The issue was addressed with improved input sanitization2025-01-15

📋Vendor Advisories

1
Apple
CVE-2024-54540: Apple Music 1.5.0.152 for Windows2024-10-03
CVE-2024-54540 — Cross-site Scripting in Apple Music | cvebase