PT-2021-18922 · Apple · Itunes
3H6_1
+1
·
Published
2021-08-24
·
Updated
2021-11-01
·
CVE-2021-30862
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
iTunes U versions prior to 3.8.3
Description
A validation issue was addressed with improved input sanitization. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
Recommendations
For versions prior to 3.8.3, update to version 3.8.3 to resolve the issue. As a temporary workaround, consider avoiding the use of maliciously crafted URLs until the update is applied.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Itunes