PT-2019-5071 · Apple+7 · Itunes For Windows+10

Sergei Glazunov

·

Published

2019-10-07

·

Updated

2024-06-15

·

CVE-2019-8625

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions iCloud for Windows versions prior to 10.7 iCloud for Windows versions prior to 7.14 tvOS versions prior to 13 iTunes for Windows versions prior to 12.10.1
Description A logic issue was addressed with improved state management, which may lead to universal cross-site scripting when processing maliciously crafted web content. This issue is related to insufficient protection of the web page structure, allowing an attacker to execute arbitrary code using specially crafted web content.
Recommendations For iCloud for Windows versions prior to 10.7, update to version 10.7 or later. For iCloud for Windows versions prior to 7.14, update to version 7.14 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For iTunes for Windows versions prior to 12.10.1, update to version 12.10.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2020:4451
ALT-PU-2020-1239
BDU:2020-01718
CESA-2020_4035
CESA-2020_4451
CVE-2019-8625
DSA-4558-1
MGASA-2019-0324
OPENSUSE-SU-2019:2587-1
OPENSUSE-SU-2019:2591-1
OPENSUSE-SU-2019_2587-1
OPENSUSE-SU-2019_2591-1
OPENSUSE-SU-2024:11506-1
RHSA-2020:4035
RHSA-2020:4451
RHSA-2020_4035
RHSA-2020_4451
RLSA-2020:4451
SUSE-SU-2019:3044-1
SUSE-SU-2020:1135-1
SUSE-SU-2020_1135-1
USN-4178-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Icloud For Windows
Itunes
Itunes For Windows
Tvos