CVE-2022-22589medium
Description
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
References
https://support.apple.com/en-us/HT213058
https://support.apple.com/en-us/HT213059
https://support.apple.com/en-us/HT213057
https://support.apple.com/en-us/HT213054
https://support.apple.com/en-us/HT213053
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
Details
Source: MITRE
Published: 2022-03-18
Updated: 2022-10-06
Type: CWE-20
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM