CVE-2019-6204: XSS

Q: What is CVE-2019-6204?

CVE-2019-6204 is a logic issue in Safari Reader that has been fixed in iOS 12.2 and Safari 12.1.

Q: How does CVE-2019-6204 affect Safari on iOS?

Enabling Safari Reader on a maliciously crafted webpage may lead to universal cross-site scripting on iOS versions up to but excluding 12.2.

Q: How do I fix CVE-2019-6204 on iOS?

Update your iOS device to version 12.2 or later to fix CVE-2019-6204.

Q: How does CVE-2019-6204 affect Safari on macOS?

CVE-2019-6204 affects Safari 12.1. Update to the latest version of Safari to fix the vulnerability.

Q: What is the severity of CVE-2019-6204?

CVE-2019-6204 has a severity rating of 6.1 (Medium).

Published Mar 25, 2019

Updated

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

Other sources

Safari Reader. A logic issue was addressed with improved validation.

Credit

Ryan Pickren (ryanpickren.com)

Affected Software

4 affected componentsFixes available

Safari<12.1

12.1

Apple iOS and iPadOS<12.2

12.2

Safari<12.1

iPhone OS<12.2

Event History

Dec 18, 2019

CVE Published

via MITRE·05:33 PM

Data Sourced

via MITRE·05:33 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-6204?

CVE-2019-6204 is a logic issue in Safari Reader that has been fixed in iOS 12.2 and Safari 12.1.

How does CVE-2019-6204 affect Safari on iOS?