Medium severity6.1NVD Advisory· Published Jul 22, 2016· Updated Jun 17, 2026
CVE-2016-4585
CVE-2016-4585
Description
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
- Range: <9.2.2
- Range: <9.1.2
- Range: <9.3.3
Patches
Vulnerability mechanics
References
10- lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00003.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00004.htmlnvdMailing ListVendor Advisory
- packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.htmlnvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/539295/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/91830nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036343nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT206900nvdVendor Advisory
- support.apple.com/HT206902nvdVendor Advisory
- support.apple.com/HT206905nvdVendor Advisory
News mentions
0No linked articles in our index yet.