A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
References
Link | Resource |
---|---|
https://support.apple.com/kb/HT209141 | Vendor Advisory |
https://support.apple.com/kb/HT209140 | Vendor Advisory |
https://support.apple.com/kb/HT209109 | Vendor Advisory |
https://support.apple.com/kb/HT209107 | Vendor Advisory |
https://support.apple.com/kb/HT209106 | Vendor Advisory |
Configurations
Information
Published : 2019-04-03 11:29
Updated : 2019-04-05 06:48
NVD link : CVE-2018-4345
Mitre link : CVE-2018-4345
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apple
- itunes
- tvos
- icloud
- safari
- iphone_os
microsoft
- windows