CVE-2017-7089

MEDIUM

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

References

http://www.securityfocus.com/bid/100893

http://www.securitytracker.com/id/1039384

http://www.securitytracker.com/id/1039385

https://support.apple.com/HT208112

https://support.apple.com/HT208116

https://support.apple.com/HT208142

Details

Source: MITRE

Published: 2017-10-23

Updated: 2019-03-08

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (7 total)

ID	Name	Product	Family	Severity
700499	Apple Safari < 11.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
108703	FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (1ce95bc7-3278-11e8-b527-00012e582166) (Spectre)	Nessus	FreeBSD Local Security Checks	medium
106549	openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106370	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
104121	Ubuntu 16.04 LTS / 17.04 : webkit2gtk vulnerabilities (USN-3460-1)	Nessus	Ubuntu Local Security Checks	medium
103420	Apple iOS < 11 Multiple Vulnerabilities	Nessus	Mobile Devices	high
103360	macOS : Apple Safari < 11.0 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium