CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
82.6%
An issue was discovered in certain Apple products. iOS before 10.3.2 is
affected. Safari before 10.1.1 is affected. The issue involves the “WebKit”
component. It allows remote attackers to conduct Universal XSS (UXSS)
attacks via a crafted web site that improperly interacts with pageshow
events.
Author | Note |
---|---|
jdstrand | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | webkit2gtk | < 2.16.3-0ubuntu0.16.04.1 | UNKNOWN |
ubuntu | 16.10 | noarch | webkit2gtk | < 2.16.3-0ubuntu0.16.10.1 | UNKNOWN |
ubuntu | 17.04 | noarch | webkit2gtk | < 2.16.3-0ubuntu0.17.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2017-2510
nvd.nist.gov/vuln/detail/CVE-2017-2510
security-tracker.debian.org/tracker/CVE-2017-2510
support.apple.com/HT207798
support.apple.com/HT207804
ubuntu.com/security/notices/USN-3303-1
webkitgtk.org/2017/05/24/webkitgtk2.16.3-released.html
webkitgtk.org/security/WSA-2017-0004.html
www.cve.org/CVERecord?id=CVE-2017-2510
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
82.6%