Lucene search

K

GoogleOSV:CVE-2024-40785

HistoryJul 29, 2024 - 11:15 p.m.

CVE-2024-40785

2024-07-2923:15:11

Google

osv.dev

cve-2024-40785

apple products

cross site scripting

malicious web content

security fix

ios 16.7.9

ipados 16.7.9

safari 17.6

watchos 10.6

tvos 17.6

visionos 1.3

macos sonoma 14.6

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.1

Confidence

High

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

References

seclists.org/fulldisclosure/2024/Jul/15

seclists.org/fulldisclosure/2024/Jul/16

seclists.org/fulldisclosure/2024/Jul/17

seclists.org/fulldisclosure/2024/Jul/18

seclists.org/fulldisclosure/2024/Jul/21

seclists.org/fulldisclosure/2024/Jul/22

seclists.org/fulldisclosure/2024/Jul/23

security-tracker.debian.org/tracker/CVE-2024-40785

support.apple.com/en-us/HT214116

support.apple.com/en-us/HT214117

support.apple.com/en-us/HT214119

support.apple.com/en-us/HT214121

support.apple.com/en-us/HT214122

support.apple.com/en-us/HT214123

support.apple.com/en-us/HT214124

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.1

Confidence

High

Related for OSV:CVE-2024-40785

vulnrichment1 cvelist1 debiancve1 redhatcve1 nvd1 cve1 nessus9 openvas9 osv6 apple7