PT-2019-4804 · Apple+6 · Itunes For Windows+12

Sergei Glazunov

·

Published

2019-08-29

·

Updated

2022-01-20

·

CVE-2019-8690

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Safari versions prior to 12.1.2 iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6
Description The issue is related to a logic problem in handling document loads, which may allow a remote attacker to perform a cross-site scripting attack by processing maliciously crafted web content. This could lead to universal cross-site scripting.
Recommendations For Safari version prior to 12.1.2, update to version 12.1.2 or later. For iOS version prior to 12.4, update to version 12.4 or later. For macOS Mojave version prior to 10.14.6, update to version 10.14.6 or later. For tvOS version prior to 12.4, update to version 12.4 or later. For iTunes for Windows version prior to 12.9.6, update to version 12.9.6 or later. For iCloud for Windows version prior to 7.13 and 10.6, update to version 7.13 or 10.6 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2019:3553
BDU:2020-01382
CESA-2019_3553
CESA-2020_4035
CVE-2019-8690
DSA-4515-1
MGASA-2019-0281
OPENSUSE-SU-2019:2207-1
OPENSUSE-SU-2019:2208-1
OPENSUSE-SU-2019:2587-1
OPENSUSE-SU-2019:2591-1
OPENSUSE-SU-2019_2207-1
OPENSUSE-SU-2019_2208-1
OPENSUSE-SU-2019_2587-1
OPENSUSE-SU-2019_2591-1
RHSA-2019:3553
RHSA-2019_3553
RHSA-2020:4035
RHSA-2020_4035
RLSA-2019:3553
SUSE-SU-2019:2345-1
SUSE-SU-2019:2345-2
SUSE-SU-2019:2428-1
SUSE-SU-2019:3044-1
SUSE-SU-2022:0142-1
USN-4130-1

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Icloud For Windows
Ios
Itunes
Itunes For Windows
Macos Mojave
Tvos