CVE-2024-40857

This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting.
References
Link Resource
https://support.apple.com/en-us/121238 Release Notes Vendor Advisory
https://support.apple.com/en-us/121240 Release Notes Vendor Advisory
https://support.apple.com/en-us/121241 Release Notes Vendor Advisory
https://support.apple.com/en-us/121248 Release Notes Vendor Advisory
https://support.apple.com/en-us/121249 Release Notes Vendor Advisory
https://support.apple.com/en-us/121250 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

History

25 Sep 2024, 13:41

Type Values Removed Values Added
References () https://support.apple.com/en-us/121238 - () https://support.apple.com/en-us/121238 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121240 - () https://support.apple.com/en-us/121240 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121241 - () https://support.apple.com/en-us/121241 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121248 - () https://support.apple.com/en-us/121248 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121249 - () https://support.apple.com/en-us/121249 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/121250 - () https://support.apple.com/en-us/121250 - Release Notes, Vendor Advisory
CWE CWE-79
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
First Time Apple
Apple visionos
Apple tvos
Apple iphone Os
Apple safari
Apple watchos
Apple ipados
Apple macos
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

20 Sep 2024, 12:31

Type Values Removed Values Added
Summary
  • (es) Este problema se solucionó mediante una mejor gestión del estado. Este problema se solucionó en Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18, iPadOS 18 y tvOS 18. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un ataque de cross site scripting.

17 Sep 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 00:15

Updated : 2024-09-25 13:41


NVD link : CVE-2024-40857

Mitre link : CVE-2024-40857

CVE.ORG link : CVE-2024-40857


JSON object : View

Products Affected

apple

  • macos
  • visionos
  • watchos
  • iphone_os
  • ipados
  • safari
  • tvos
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')