← Back to CVEs

CVE-2017-2528

N/A

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.

CVE Details

CVSS v3.1 ScoreN/A

Published5/22/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

apple:iphone_osapple:safari

Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/98474(product-security@apple.com)

http://www.securitytracker.com/id/1038487(product-security@apple.com)

https://security.gentoo.org/glsa/201706-15(product-security@apple.com)

https://support.apple.com/HT207798(product-security@apple.com)

https://support.apple.com/HT207804(product-security@apple.com)

https://www.exploit-db.com/exploits/42105/(product-security@apple.com)

http://www.securityfocus.com/bid/98474(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1038487(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201706-15(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT207798(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/HT207804(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/42105/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.