CVE-2024-44187

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-44187

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44187.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-44187

Downstream

DEBIAN-CVE-2024-44187

DLA-3961-1

DSA-5792-1

RHSA-2024:8180

RHSA-2024:9553

RHSA-2024:9636

RHSA-2025:10364

RLSA-2024:8180

RLSA-2024:9636

SUSE-SU-2024:3751-1

SUSE-SU-2024:3752-1

SUSE-SU-2024:3869-1

SUSE-SU-2024:3870-1

SUSE-SU-2024:4084-1

SUSE-SU-2025:0043-1

SUSE-SU-2025:0096-1

SUSE-SU-2025:0104-1

UBUNTU-CVE-2024-44187

USN-7079-1

Related

Withdrawn

2026-01-27T04:19:42.176981Z

Published

2024-09-17T00:15:52Z

Modified

2026-01-27T04:19:42.176981Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.

References

Affected packages