CVE-2017-2361

🗓️ 20 Feb 2017 08:35:00Reported by appleType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

An XSS vulnerability in Apple macOS < 10.12.3 Help Viewe

Reporter	Title	Published	Views	Family All 13
0day.today	macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Exploit	24 Feb 201700:00	–	zdt
Tenable Nessus	Mac OS X 10.x < 10.12.3 Multiple Vulnerabilities	1 Feb 201700:00	–	nessus
Tenable Nessus	macOS 10.12.x < 10.12.3 Multiple Vulnerabilities	24 Jan 201700:00	–	nessus
Apple	About the security content of macOS Sierra 10.12.3	23 Jan 201700:00	–	apple
Apple	About the security content of macOS Sierra 10.12.3 - Apple Support	28 Mar 201711:17	–	apple
Circl	CVE-2017-2361	23 Feb 201700:00	–	circl
CNVD	Apple macOS Sierra Help Viewer Cross-Site Scripting Vulnerability	16 Feb 201700:00	–	cnvd
Cvelist	CVE-2017-2361	20 Feb 201708:35	–	cvelist
EUVD	EUVD-2017-11544	7 Oct 202500:30	–	euvd
NVD	CVE-2017-2361	20 Feb 201708:59	–	nvd

NVD

Node

apple mac_os_xRange≤10.12.2

Source	Link
securityfocus	www.securityfocus.com/bid/95723
bugs	www.bugs.chromium.org/p/project-zero/issues/detail
securitytracker	www.securitytracker.com/id/1037671
support	www.support.apple.com/HT207483
exploit-db	www.exploit-db.com/exploits/41443/

Parameter	Position	Path	Description	CWE
redirect	query param	help:///Applications/Safari.app/Contents/Resources/Safari.help/%25252f..%25252f..%25252f..%25252f..%25252f..%25252f..%25252f/System/Library/PrivateFrameworks/Tourist.framework/Versions/A/Resources/en.lproj/offline.html?redirect=javascript%253adocument.write(1)	HelpViewer XSS via crafted help URL bypassing path checks with double-encoded traversal leading to arbitrary script execution.	CWE-79

13 May 2026 00:24Current

5.4Medium risk

Vulners AI Score5.4

CVSS 24.3

CVSS 36.1

EPSS0.06176