CVE-2017-7109

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.
References
Link Resource
https://support.apple.com/HT208142 Vendor Advisory
https://support.apple.com/HT208141 Vendor Advisory
https://support.apple.com/HT208116 Vendor Advisory
https://support.apple.com/HT208113 Vendor Advisory
https://support.apple.com/HT208112 Vendor Advisory
http://www.securitytracker.com/id/1039428 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039384 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101005 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Information

Published : 2017-10-22 18:29

Updated : 2019-03-08 08:06


NVD link : CVE-2017-7109

Mitre link : CVE-2017-7109


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

apple

  • itunes
  • tvos
  • icloud
  • safari
  • iphone_os

microsoft

  • windows