Medium severity6.1NVD Advisory· Published Sep 25, 2016· Updated Jun 17, 2026
CVE-2016-4618
CVE-2016-4618
Description
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:apple:safari:9.1.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:9.1.3:*:*:*:*:*:*:*
- (no CPE)range: <10
- Range: <10
- Range: <10
Patches
Vulnerability mechanics
References
6- lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlnvdMailing ListVendor Advisory
- support.apple.com/HT207143nvdVendor Advisory
- support.apple.com/HT207157nvdVendor Advisory
- www.securityfocus.com/bid/93053nvd
- www.securitytracker.com/id/1036854nvd
News mentions
0No linked articles in our index yet.