CVE-2024-54540

MEDIUM

Apple Music < 1.5.0.152 - Cross-Site Scripting

Title source: llm

Description

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

References (1)

Core 1

Core References

Vendor Advisory

https://support.apple.com/en-us/122043

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 51.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

Apple/Apple Music < 1.5.0

apple/music < 1.5.0.152

Published Jan 15, 2025

Tracked Since Feb 18, 2026