CVE-2018-4377

MEDIUM

Description

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

References

https://support.apple.com/kb/HT209192

https://support.apple.com/kb/HT209195

https://support.apple.com/kb/HT209196

https://support.apple.com/kb/HT209197

https://support.apple.com/kb/HT209198

Details

Source: MITRE

Published: 2019-04-03

Updated: 2019-04-05

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (6 total)

ID	Name	Product	Family	Severity
700554	Apple iOS < 12.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	medium
700506	Apple Safari < 12.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
118718	Apple iTunes < 12.9.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
118717	Apple iTunes < 12.9.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
118571	macOS : Apple Safari < 12.0.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
118569	Apple iOS < 12.1 Multiple Vulnerabilities	Nessus	Mobile Devices	medium