CVE-2024-54540

MEDIUM

Apple Music < 1.5.0.152 - XSS

Title source: rule

Description

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

References (1)

[Vendor Advisory] https://support.apple.com/en-us/122043

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 50.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

apple/music < 1.5.0.152

Timeline

Published Jan 15, 2025

Tracked Since Feb 18, 2026