CVE-2019-8813: XSS
First published: Mon Oct 28 2019(Updated: )
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iTunes for Windows | <12.10.2 | 12.10.2 |
| Apple Safari | <13.0.3 | 13.0.3 |
| Apple tvOS | <13.2 | 13.2 |
| redhat/webkitgtk | <2.26.1 | 2.26.1 |
| Apple iOS | <13.2 | 13.2 |
| Apple iPadOS | <13.2 | 13.2 |
| Apple Icloud Windows | <10.8 | |
| Apple Itunes Windows | <12.10.2 | |
| Apple Safari | <13.0.3 | |
| Apple iPadOS | <13.2 | |
| Apple iPhone OS | <13.2 | |
| Apple tvOS | <13.2 | |
| Webkitgtk Webkitgtk\+ | <2.26.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT210721 (Advisory)
- https://support.apple.com/en-us/HT210723 (Advisory)
- https://support.apple.com/en-us/HT210725 (Advisory)
- https://support.apple.com/en-us/HT210726 (Advisory)
- https://security.gentoo.org/glsa/202003-22
- https://support.apple.com/HT210721
- https://support.apple.com/HT210723
- https://support.apple.com/HT210725
- https://support.apple.com/HT210726
- https://support.apple.com/HT210727
- https://access.redhat.com/security/cve/CVE-2019-8813
- https://webkitgtk.org/security/WSA-2019-0006.html
- https://access.redhat.com/errata/RHSA-2020:4035
- https://access.redhat.com/security/cve/cve-2019-8813
- https://access.redhat.com/errata/RHSA-2020:4451
- https://bugzilla.redhat.com/show_bug.cgi?id=1876553
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8784
- CVE-2019-8801
- CVE-2019-8813
- CVE-2019-8782
- CVE-2019-8783
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8814
- CVE-2019-8816
- CVE-2019-8819
- CVE-2019-8820
- CVE-2019-8821
- CVE-2019-8822
- CVE-2019-8823
- CVE-2019-8827
- CVE-2019-8815
- CVE-2019-8787
- CVE-2019-8803
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8795
- CVE-2019-8798
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8796
- CVE-2019-8788
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8804
- CVE-2019-8793
- CVE-2019-15126
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-8813.
What is the severity rating of CVE-2019-8813?
The severity rating of CVE-2019-8813 is medium.
What software versions are affected by CVE-2019-8813?
iOS versions up to 13.2, iPadOS versions up to 13.2, tvOS versions up to 13.2, Safari versions up to 13.0.3, iTunes for Windows versions up to 12.10.2, and iCloud for Windows versions up to 10.8 are affected by CVE-2019-8813.
What is the remediation for CVE-2019-8813?
To fix CVE-2019-8813, update to iOS 13.2 or later, iPadOS 13.2 or later, tvOS 13.2 or later, Safari 13.0.3 or later, iTunes for Windows 12.10.2 or later, or iCloud for Windows 11.0 or later.
What is the CWE ID for CVE-2019-8813?
The CWE ID for CVE-2019-8813 is 79.
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-8813
- agent/software-canonical-lookup
- agent/event
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple safari
- canonical/apple tvos
- package-manager/redhat
- canonical/apple ios
- canonical/apple ipados
- canonical/apple icloud windows
- canonical/apple itunes windows
- canonical/apple iphone os
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk\+