CVE-2017-7109

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy.

Published: Oct 23, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7109
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	10.3.3.x
apple / safari	-	10.1.2.x
apple / tvos	-	10.2.2.x
apple / icloud	-	6.9.1.x
apple / itunes	-	12.6.2.x

http://www.securityfocus.com/bid/101005
http://www.securitytracker.com/id/1039384
http://www.securitytracker.com/id/1039428
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208116
https://support.apple.com/HT208141
https://support.apple.com/HT208142

Vulnerability Database

289,784

CVE-2017-7109