CVE-2018-4133 Information

Description

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the \WebKit\ component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/103580 http://www.securitytracker.com/id/1040606 https://security.gentoo.org/glsa/201808-04 https://support.apple.com/HT208695 https://usn.ubuntu.com/3635-1/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1