Vulnerability CVE-2017-7089


Published: 2017-10-22   Modified: 2017-10-23

Description:
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

See advisories in our WLB2 database:
Med. | Topic: Safari 10 Local SOP bypass | Author: Bo0oM | Date: 04.10.2017
Low | Topic: Webkit (Safari) Universal Cross-site Scripting | Author: Anton Lopanitsyn | Date: 16.11.2018

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Apple -> Apple tv 
Apple -> Icloud 
Apple -> Itunes 
Apple -> Safari 
Apple -> Iphone os 
Apple -> TVOS 

References:
http://www.securityfocus.com/bid/100893
http://www.securitytracker.com/id/1039384
http://www.securitytracker.com/id/1039385
https://support.apple.com/HT208112
https://support.apple.com/HT208116
https://support.apple.com/HT208142

Copyright 2024, cxsecurity.com

 
