cvelistv5 - cve-2024-40785

CVE-2024-40785 (GCVE-0-2024-40785)

Vulnerability from cvelistv5

Published

2024-07-29 22:16

Modified

2025-11-04 17:23

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Processing maliciously crafted web content may lead to a cross site scripting attack

Summary

This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

References

►

URL

Tags

	https://support.apple.com/en-us/HT214121
	https://support.apple.com/en-us/HT214117
	https://support.apple.com/en-us/HT214116
	https://support.apple.com/en-us/HT214124
	https://support.apple.com/en-us/HT214119
	https://support.apple.com/en-us/HT214123
	https://support.apple.com/en-us/HT214122
	http://seclists.org/fulldisclosure/2024/Jul/16
	http://seclists.org/fulldisclosure/2024/Jul/15
	http://seclists.org/fulldisclosure/2024/Jul/23
	http://seclists.org/fulldisclosure/2024/Jul/21
	http://seclists.org/fulldisclosure/2024/Jul/17
	http://seclists.org/fulldisclosure/2024/Jul/22
	http://seclists.org/fulldisclosure/2024/Jul/18

Impacted products

Vendor

Product

Version

►

Apple

Safari

Version: unspecified < 17.6

Apple	iOS and iPadOS	Version: unspecified < 17.6
Apple	iOS and iPadOS	Version: unspecified < 16.7
Apple	watchOS	Version: unspecified < 10.6
Apple	macOS	Version: unspecified < 14.6
Apple	visionOS	Version: unspecified < 1.3
Apple	tvOS	Version: unspecified < 17.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T14:53:29.106987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:20:43.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:23:28.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214121"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214117"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214116"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214124"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214119"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html"
          },
          {
            "url": "https://support.apple.com/kb/HT214124"
          },
          {
            "url": "https://support.apple.com/kb/HT214122"
          },
          {
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "url": "https://support.apple.com/kb/HT214117"
          },
          {
            "url": "https://support.apple.com/kb/HT214116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "16.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to a cross site scripting attack",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T22:20:41.457Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214121"
        },
        {
          "url": "https://support.apple.com/en-us/HT214117"
        },
        {
          "url": "https://support.apple.com/en-us/HT214116"
        },
        {
          "url": "https://support.apple.com/en-us/HT214124"
        },
        {
          "url": "https://support.apple.com/en-us/HT214119"
        },
        {
          "url": "https://support.apple.com/en-us/HT214123"
        },
        {
          "url": "https://support.apple.com/en-us/HT214122"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/15"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/23"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/21"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/17"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/22"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40785",
    "datePublished": "2024-07-29T22:16:56.242Z",
    "dateReserved": "2024-07-10T17:11:04.689Z",
    "dateUpdated": "2025-11-04T17:23:28.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214121\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214117\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214116\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214124\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214119\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214123\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214122\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/15\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/23\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/21\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/17\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/22\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html\"}, {\"url\": \"https://support.apple.com/kb/HT214124\"}, {\"url\": \"https://support.apple.com/kb/HT214122\"}, {\"url\": \"https://support.apple.com/kb/HT214119\"}, {\"url\": \"https://support.apple.com/kb/HT214117\"}, {\"url\": \"https://support.apple.com/kb/HT214116\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:23:28.318Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-40785\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-30T14:53:29.106987Z\"}}}, {\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-30T14:53:33.694Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"16.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"10.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.6\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214121\"}, {\"url\": \"https://support.apple.com/en-us/HT214117\"}, {\"url\": \"https://support.apple.com/en-us/HT214116\"}, {\"url\": \"https://support.apple.com/en-us/HT214124\"}, {\"url\": \"https://support.apple.com/en-us/HT214119\"}, {\"url\": \"https://support.apple.com/en-us/HT214123\"}, {\"url\": \"https://support.apple.com/en-us/HT214122\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/16\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/15\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/23\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/21\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/17\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/22\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to a cross site scripting attack\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-07-29T22:20:41.457Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-40785\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:23:28.318Z\", \"dateReserved\": \"2024-07-10T17:11:04.689Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-07-29T22:16:56.242Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-40785 (GCVE-0-2024-40785)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature