CVE-2018-4377
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-4377
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-4377.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-4377
- Published
- 2019-04-03T18:29:11.673Z
- Modified
- 2025-11-14T08:59:33.191881Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
- References
Affected packages
Git / github.com/webkit/webkit
Affected ranges
- Type
- GIT
- Repo
- https://github.com/webkit/webkit
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Safari-606.*
Safari-606.1.26
Safari-606.1.27
Safari-606.1.28
Safari-606.1.28.1
Safari-606.1.29
Safari-606.1.30
Safari-606.1.31
Safari-606.1.32
Safari-606.1.32.1
Safari-606.1.33
Safari-606.1.34
Safari-606.1.35
Safari-606.1.36
Safari-606.2.1
Safari-606.2.100
Safari-606.2.101
Safari-606.2.102
Safari-606.2.103
Safari-606.2.104