Back to search
CVE-2020-9952
Published: Oct 16, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
| Vendor | Product | Versions |
|---|---|---|
Apple | iOS | affected unspecified - < iOS 14.0 and iPadOS 14.0 |
Apple | tvOS | affected unspecified - < tvOS 14.0 |
Apple | watchOS | affected unspecified - < watchOS 7.0 |
Apple | Safari | affected unspecified - < Safari 14.0 |
Apple | iCloud for Windows | affected unspecified - < iCloud for Windows 11.4 |
Apple | iCloud for Windows (Legacy) | affected unspecified - < iCloud for Windows 7.21 |
References
https://support.apple.com/HT211850
x_refsource_MISC
https://support.apple.com/HT211844
x_refsource_MISC
https://support.apple.com/HT211845
x_refsource_MISC
https://support.apple.com/HT211843
x_refsource_MISC
https://support.apple.com/HT211846
x_refsource_MISC
https://support.apple.com/HT211847
x_refsource_MISC
20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0
mailing-list
x_refsource_FULLDISC
20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0
mailing-list
x_refsource_FULLDISC
20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
mailing-list
x_refsource_FULLDISC
20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0
mailing-list
x_refsource_FULLDISC
[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008
mailing-list
x_refsource_MLIST
GLSA-202012-10
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now