CVE-2023-40451

high

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.

References

https://webkitgtk.org/security/WSA-2023-0009.html

https://support.apple.com/en-us/HT213941

https://security.gentoo.org/glsa/202401-33

http://www.openwall.com/lists/oss-security/2023/09/28/3

http://seclists.org/fulldisclosure/2023/Oct/2

Details

Source: Mitre, NVD

Published: 2023-09-27

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0111

Detections

Analytics