CVE-2019-8625

A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.

Published: Dec 18, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8625
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apple / itunes	-	12.10.1
apple / icloud	-	7.14
apple / icloud	10.0	10.7
webkitgtk / webkitgtk+	-	2.26.4

https://security.gentoo.org/glsa/202003-22
https://support.apple.com/HT210635
https://support.apple.com/HT210636
https://support.apple.com/HT210637

Vulnerability Database

289,697

CVE-2019-8625