CVE-2021-30744

MEDIUM

tvOS <14.6-iPadOS <14.6-macOS <11.4-watchOS <7.5 - XSS

Title source: llm
STIX 2.1

Description

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212528
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212529
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212532
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212533
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212534

Scores

CVSS v3 6.1
EPSS 0.0107
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (6)
apple/ipados < 14.6
apple/iphone_os < 14.6
apple/macos 11.0.1 - 11.4
apple/safari < 14.1.1
apple/tvos < 14.6
apple/watchos < 7.5
Published Sep 08, 2021
Tracked Since Feb 18, 2026