This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
References
Link | Resource |
---|---|
https://support.apple.com/en-us/HT213841 | Vendor Advisory |
https://support.apple.com/en-us/HT213842 | Vendor Advisory |
https://support.apple.com/en-us/HT213843 | Vendor Advisory |
https://support.apple.com/en-us/HT213846 | Vendor Advisory |
https://support.apple.com/en-us/HT213847 | Vendor Advisory |
https://support.apple.com/en-us/HT213848 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Aug 2023, 17:02
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
First Time |
Apple iphone Os
Apple tvos Apple watchos Apple Apple safari Apple ipados Apple macos |
|
References | (MISC) https://support.apple.com/en-us/HT213847 - Vendor Advisory | |
References | (MISC) https://support.apple.com/en-us/HT213843 - Vendor Advisory | |
References | (MISC) https://support.apple.com/en-us/HT213846 - Vendor Advisory | |
References | (MISC) https://support.apple.com/en-us/HT213848 - Vendor Advisory | |
References | (MISC) https://support.apple.com/en-us/HT213842 - Vendor Advisory | |
References | (MISC) https://support.apple.com/en-us/HT213841 - Vendor Advisory |
28 Jul 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-28 05:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-32445
Mitre link : CVE-2023-32445
CVE.ORG link : CVE-2023-32445
JSON object : View
Products Affected
apple
- iphone_os
- tvos
- safari
- ipados
- watchos
- macos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')