Home

CVE-2020-9952

Description

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.475

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-9952 are fixed in iCloud 11.4Windows
Vulnerabilities CVE-2020-9952,CVE-2020-9991,CVE-2020-15358 are fixed in iCloud (7.21.0.23)Windows
Vulnerabilities CVE-2020-9952,CVE-2020-9991 are fixed in iCloud 11.4Windows
Multiple Vulnerabilities are affected in Apple Safari for MAC 13.1.2Mac
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.18.04.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.18.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.20.04.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.20.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.20.10.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libwebkit2gtk-4.0-37_2.30.3-0ubuntu0.20.10.1_amd64.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.18.04.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.18.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.20.04.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.20.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.20.10.1_i386.debLinux
Web content engine library for GTK+ (USN-4648-1) libjavascriptcoregtk-4.0-18_2.30.3-0ubuntu0.20.10.1_amd64.debLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk3-lang-2.34.3-2.82.1.noarch.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2-4_0-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1.x86_64.rpmLinux
SUSE-SU-2022:0142-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk3-debugsource-2.34.3-2.82.1.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) vte291-0.52.4-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) vte291-0.52.4-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) libsoup-2.62.3-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) libsoup-2.62.3-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) potrace-1.15-3.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) potrace-1.15-3.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) tracker-2.1.5-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) tracker-2.1.5-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-0.3.6-1.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-0.3.6-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-1.1.12-6.el8.0.2.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) vte-profile-0.52.4-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-doc-0.3.6-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) libsoup-devel-2.62.3-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) libsoup-devel-2.62.3-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-libs-0.3.6-1.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-libs-0.3.6-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) frei0r-plugins-1.6.1-7.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-devel-0.3.6-1.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-devel-0.3.6-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire-utils-0.3.6-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-cron-1.1.12-6.el8.0.2.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-glib-1.1.12-6.el8.0.2.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-glib-1.1.12-6.el8.0.2.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) dleyna-renderer-0.6.0-3.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) python3-gobject-3.28.3-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) python3-gobject-3.28.3-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire0.2-libs-0.2.7-6.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire0.2-libs-0.2.7-6.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire0.2-devel-0.2.7-6.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) pipewire0.2-devel-0.2.7-6.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) gnome-remote-desktop-0.1.8-3.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) python3-gobject-base-3.28.3-2.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) python3-gobject-base-3.28.3-2.el8.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) frei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-gtk3-module-1.1.12-6.el8.0.2.i686.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-gtk3-module-1.1.12-6.el8.0.2.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) xdg-desktop-portal-gtk-1.6.0-1.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-gstreamer-plugin-1.1.12-6.el8.0.2.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2020:4451) PackageKit-command-not-found-1.1.12-6.el8.0.2.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update dleyna-renderer-0.6.0-3.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update potrace-1.15-3.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update potrace-1.15-3.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update python3-gobject-3.28.3-2.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update python3-gobject-3.28.3-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update python3-gobject-base-3.28.3-2.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-0.3.6-1.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-0.3.6-1.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-devel-0.3.6-1.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-devel-0.3.6-1.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-doc-0.3.6-1.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-libs-0.3.6-1.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-libs-0.3.6-1.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire-utils-0.3.6-1.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire0.2-devel-0.2.7-6.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire0.2-devel-0.2.7-6.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire0.2-libs-0.2.7-6.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update pipewire0.2-libs-0.2.7-6.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gnome-remote-desktop-0.1.8-3.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update frei0r-plugins-1.6.1-7.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update frei0r-plugins-opencv-1.6.1-7.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update tracker-2.1.5-2.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update tracker-2.1.5-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update vte-profile-0.52.4-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update vte291-0.52.4-2.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update vte291-0.52.4-2.el8.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-611604Apple Safari for MAC (MacOS Sonoma) (18.6)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234