A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00004.html | Mailing List Patch Third Party Advisory |
https://security.gentoo.org/glsa/202003-22 | Third Party Advisory |
https://support.apple.com/HT210947 | Release Notes Vendor Advisory |
https://support.apple.com/HT210948 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2020-02-27 21:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-3867
Mitre link : CVE-2020-3867
CVE.ORG link : CVE-2020-3867
JSON object : View
Products Affected
apple
- icloud
- itunes
- iphone_os
- ipados
- safari
- tvos
webkitgtk
- webkitgtk
opensuse
- leap
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')