Уязвимость межсайтового скриптинга (XSS) в компоненте WebKit через некорректное взаимодействие с политикой Application Cache
Описание
В компоненте WebKit была обнаружена уязвимость межсайтового скриптинга (XSS), которая позволяет злоумышленникам внедрять произвольные веб-скрипты или HTML-код через специально созданный веб-контент, некорректно взаимодействующий с политикой Application Cache.
Затронутые версии ПО
- iOS до версии 11
- Safari до версии 11
- iCloud до версии 7.0 на Windows
- iTunes до версии 12.7 на Windows
- tvOS до версии 11
Тип уязвимости
Межсайтовый скриптинг (XSS)
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одновременно
Одно из
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.
An issue was discovered in certain Apple products. iOS before 11 is af ...
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2