CVE-2020-9952 - 漏洞详情

CVE-2020-9952 (CNNVD-202009-1034)

HIGH

中文标题:

Apple Safari 跨站脚本漏洞

英文标题:

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1...

CVSS分数: 7.1

发布时间: 2020-10-16 16:53:49

漏洞类型: 跨站脚本

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Apple Safari是美国苹果（Apple）公司的一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。 Apple Safari 14.0存在跨站脚本漏洞，该漏洞源于攻击者可利用该漏洞无需身份验证远程启动。

英文描述:

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

CWE类型:

CWE-79

标签:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Apple	iOS	-	< iOS 14.0 and iPadOS 14.0	-	`cpe:2.3:a:apple:ios::::::::`
Apple	tvOS	-	< tvOS 14.0	-	`cpe:2.3:a:apple:tvos::::::::`
Apple	watchOS	-	< watchOS 7.0	-	`cpe:2.3:a:apple:watchos::::::::`
Apple	Safari	-	< Safari 14.0	-	`cpe:2.3:a:apple:safari::::::::`
Apple	iCloud for Windows	-	< iCloud for Windows 11.4	-	`cpe:2.3:a:apple:icloud_for_windows::::::::`
Apple	iCloud for Windows (Legacy)	-	< iCloud for Windows 7.21	-	`cpe:2.3:a:apple:icloud_for_windows_(legacy)::::::::`
apple	icloud	*	-	-	`cpe:2.3:a:apple:icloud::::::windows::*`
apple	safari	*	-	-	`cpe:2.3:a:apple:safari::::::::`
apple	ipados	*	-	-	`cpe:2.3:o:apple:ipados::::::::`
apple	iphone_os	*	-	-	`cpe:2.3:o:apple:iphone_os::::::::`
apple	tvos	*	-	-	`cpe:2.3:o:apple:tvos::::::::`
apple	watchos	*	-	-	`cpe:2.3:o:apple:watchos::::::::`
webkit	webkitgtk\+	*	-	-	`cpe:2.3:a:webkit:webkitgtk\+::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_MISC
cve.org

无标题 x_refsource_MISC
cve.org

无标题 x_refsource_MISC
cve.org

无标题 x_refsource_MISC
cve.org

无标题 x_refsource_MISC
cve.org

无标题 x_refsource_MISC
cve.org

20201115 APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0 mailing-list
cve.org

20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0 mailing-list
cve.org

20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 mailing-list
cve.org

20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 mailing-list
cve.org

[oss-security] 20201123 WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008 mailing-list
cve.org

GLSA-202012-10 vendor-advisory
cve.org

CVSS评分详情

7.1

HIGH

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CVSS版本: 3.1

机密性

LOW

完整性

LOW

可用性

LOW

时间信息

发布时间:

2020-10-16 16:53:49

修改时间:

2024-08-04 10:50:56

创建时间:

2025-11-11 15:36:31

更新时间:

2025-11-11 15:56:25

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2020-9952`	2025-11-11 15:20:44	2025-11-11 07:36:31
NVD	`nvd_CVE-2020-9952`	2025-11-11 14:57:04	2025-11-11 07:44:53
CNNVD	`cnnvd_CNNVD-202009-1034`	2025-11-11 15:10:30	2025-11-11 07:56:25

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:56:25

vulnerability_type: 未提取 → 跨站脚本; cnnvd_id: 未提取 → CNNVD-202009-1034; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 跨站脚本
cnnvd_id: 未提取 -> CNNVD-202009-1034
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:44:53

severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.1; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 6 → 13; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
cvss_score: 未提取 -> 7.1
cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
cvss_version: NOT_EXTRACTED -> 3.1
affected_products_count: 6 -> 13
data_sources: ['cve'] -> ['cve', 'nvd']