Unrated severityNVD Advisory· Published Apr 3, 2019· Updated Aug 5, 2024

CVE-2018-4309

Description

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Affected products

Apple Inc./Webkitinferred
Range: <12
osv-coords18 versions
pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/webkit2gtk3&distro=SUSE%20OpenStack%20Cloud%207
< 2.22.5-lp150.2.9.1+ 17 more
- (no CPE)range: < 2.22.5-lp150.2.9.1
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.5-3.13.1
- (no CPE)range: < 2.22.5-3.13.1
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3
- (no CPE)range: < 2.22.4-2.29.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/kb/HT209106mitrex_refsource_MISC
support.apple.com/kb/HT209107mitrex_refsource_MISC
support.apple.com/kb/HT209109mitrex_refsource_MISC
support.apple.com/kb/HT209140mitrex_refsource_MISC
support.apple.com/kb/HT209141mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000