CVE-2019-8771
MEDIUM EXPLOITEDSafari < 13.0.1 - Iframe Sandbox Policy Bypass
Title source: llmExploitation Summary
CVE-2019-8771 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210606
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT210605
Scores
CVSS v3
6.1
EPSS
0.0099
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2019-09-30
CWE
CWE-1021
Status
published
Products (2)
apple/iphone_os
< 13.0.
apple/safari
< 13.0.1
Published
Oct 27, 2020
Tracked Since
Feb 18, 2026