CVE-2019-6228: XSS
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.
Other sources
Safari Reader. A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2019-6228
- CVE-2019-6215
- CVE-2019-6212
- CVE-2019-6216
- CVE-2019-6217
- CVE-2019-6226
- CVE-2019-6227
- CVE-2019-6233
- CVE-2019-6234
- CVE-2019-6229
- CVE-2019-8570
- CVE-2019-6235
- CVE-2019-6200
- CVE-2019-6202
- CVE-2019-6221
- CVE-2019-6231
- CVE-2019-6230
- CVE-2019-6224
- CVE-2019-6214
- CVE-2019-6225
- CVE-2019-6210
- CVE-2019-6205
- CVE-2019-6213
- CVE-2019-6209
- CVE-2019-6208
- CVE-2019-6206
- CVE-2019-6218
- CVE-2019-6219
- CVE-2018-20346
- CVE-2018-20505
- CVE-2018-20506
- CVE-2019-6211
Frequently Asked Questions
What is CVE-2019-6228?
CVE-2019-6228 is a cross-site scripting vulnerability in Safari that has been fixed in iOS 12.1.3 and Safari 12.0.3.
How does CVE-2019-6228 affect me?
If you are using an iOS version up to 12.1.3 or Safari version up to 12.0.3, processing maliciously crafted web content can lead to a cross-site scripting attack.
How severe is CVE-2019-6228?
CVE-2019-6228 has a severity rating of medium with a CVSS score of 6.1.
What is the fix for CVE-2019-6228?
To fix CVE-2019-6228, update your iOS device to version 12.1.3 or update Safari to version 12.0.3.
Where can I find more information about CVE-2019-6228?
You can find more information about CVE-2019-6228 at the following references: [http://www.securityfocus.com/bid/106692](http://www.securityfocus.com/bid/106692), [https://support.apple.com/HT209443](https://support.apple.com/HT209443), [https://support.apple.com/HT209449](https://support.apple.com/HT209449).