Published: 23/10/2017 Updated: 08/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in certain Apple products. iOS prior to 11 is affected. Safari prior to 11 is affected. iCloud prior to 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote malicious users to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple tvos
apple safari
apple iphone os
apple itunes
apple icloud

Several security issues were fixed in WebKitGTK+ ...

Webkit uxss exploit (CVE-2017-7089)

CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab This issue was addressed with improved state management Safari 10 Local SOP bypass <script> function Pew(){var doc=open('parent-tab://applecom');docdocumentbodyinnerHTML=�

Exploit Safari CVE-2017-7089

Safari_Mac Exploit Safari CVE-2017-7089

CWE-79 https://support.apple.com/HT208142 https://support.apple.com/HT208116 https://support.apple.com/HT208112 http://www.securitytracker.com/id/1039385 http://www.securitytracker.com/id/1039384 http://www.securityfocus.com/bid/100893 https://usn.ubuntu.com/3460-1/https://nvd.nist.gov

CVE-2017-7089

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect