CVE-2018-4377: XSS
Safari Reader. A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
Other sources
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2018-4384
- CVE-2018-4398
- CVE-2018-4394
- CVE-2018-4371
- CVE-2018-4420
- CVE-2018-4413
- CVE-2018-4419
- CVE-2018-4381
- CVE-2018-4369
- CVE-2018-4374
- CVE-2018-4377
- CVE-2018-4400
- CVE-2018-4372
- CVE-2018-4373
- CVE-2018-4375
- CVE-2018-4376
- CVE-2018-4382
- CVE-2018-4386
- CVE-2018-4392
- CVE-2018-4416
- CVE-2018-4378
- CVE-2018-4368
- CVE-2018-4409
- CVE-2018-4339
- CVE-2018-4365
- CVE-2018-4366
- CVE-2018-4367
- CVE-2018-4427
- CVE-2018-4390
- CVE-2018-4391
- CVE-2018-4388
- CVE-2018-4387
- CVE-2018-4385
Frequently Asked Questions
What is CVE-2018-4377?
CVE-2018-4377 is a cross-site scripting vulnerability that existed in Safari.
Which versions are affected by CVE-2018-4377?
Versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, and iCloud for Windows 7.8 are affected by CVE-2018-4377.
What is the severity of CVE-2018-4377?
The severity of CVE-2018-4377 is medium with a score of 6.1.
How do I fix CVE-2018-4377?
To fix CVE-2018-4377, update to iOS 12.1 or later, watchOS 5.1 or later, Safari 12.0.1 or later, iTunes 12.9.1 or later, and iCloud for Windows 7.8 or later.
Where can I find more information about CVE-2018-4377?
You can find more information about CVE-2018-4377 at the following references: [Link 1](https://support.apple.com/kb/HT209192), [Link 2](https://support.apple.com/kb/HT209195), [Link 3](https://support.apple.com/kb/HT209196).