Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2021-1879
HistoryNov 03, 2021 - 12:00 a.m.

Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

2021-11-0300:00:00
CISA
www.cisa.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related

mmpc 1
mssecure 1
apple 3
thn 6
prion 1
checkpoint_advisories 1
nvd 1
malwarebytes 2
cve 1
attackerkb 1
cvelist 1
threatpost 1
trellix 2
qualysblog 3
googleprojectzero 1
mmpc
mmpc
New sophisticated email-based attack from NOBELIUM
2021-05-28 00:00:50
mssecure
mssecure
New sophisticated email-based attack from NOBELIUM
2021-05-28 00:00:50
apple
apple
About the security content of iOS 12.5.2
2021-03-26 00:00:00
About the security content of iOS 14.4.2 and iPadOS 14.4.2
2021-03-26 00:00:00
About the security content of watchOS 7.3.3
2021-03-26 00:00:00
thn
thn
SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor
2021-05-28 11:24:00
Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
2021-07-15 08:25:00
Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
2021-03-27 06:07:00
prion
prion
Cross site scripting
2021-04-02 19:15:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Use After Free (CVE-2021-1879)
2021-07-26 00:00:00
nvd
nvd
CVE-2021-1879
2021-04-02 19:15:20
malwarebytes
malwarebytes
SolarWinds attackers launch new campaign
2021-05-28 14:24:01
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
2021-10-12 16:07:53
cve
cve
CVE-2021-1879
2021-04-02 19:15:20
attackerkb
attackerkb
CVE-2021-1879
2021-04-02 00:00:00
cvelist
cvelist
CVE-2021-1879
2021-04-02 18:07:52
threatpost
threatpost
Safari Zero-Day Used in Malicious LinkedIn Campaign
2021-07-15 11:04:49
trellix
trellix
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
qualysblog
qualysblog
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
2021-10-18 07:41:18
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
2021-07-23 16:31:38
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON
Related for CISA-KEV-CVE-2021-1879
mmpc1mssecure1apple3thn6prion1checkpoint_advisories1nvd1malwarebytes2cve1attackerkb1cvelist1threatpost1trellix2qualysblog3googleprojectzero1