CVE-2022-22594
MEDIUMSafari < 15.3 - Cross-Origin Data Leak via IndexedDB API
Title source: llmDescription
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
References (5)
Core 5
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213053
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213054
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213057
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213059
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213058
Scores
CVSS v3
6.5
EPSS
0.0081
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-346
Status
published
Products (6)
apple/ipados
< 15.3
apple/iphone_os
< 15.3
apple/macos
< 12.2
apple/safari
< 15.3
apple/tvos
< 15.3
apple/watchos
< 8.4
Published
Mar 18, 2022
Tracked Since
Feb 18, 2026