CVE-2024-40857
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th
This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.
| Vendor | apple |
| Product | safari |
| Ecosystems | |
| Industries | Technology |
| Published | Sep 16, 2024 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for apple safari
Be the first to know when new medium vulnerabilities affecting apple safari are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apple / Safari
0 < 18
Apple / iOS and iPadOS
0 < 18
Apple / macOS
0 < 15
Apple / tvOS
0 < 18
Apple / visionOS
0 < 2
Apple / watchOS
0 < 11
References
support.apple.com: https://support.apple.com/en-us/121238 support.apple.com: https://support.apple.com/en-us/121240 support.apple.com: https://support.apple.com/en-us/121241 support.apple.com: https://support.apple.com/en-us/121248 support.apple.com: https://support.apple.com/en-us/121249 support.apple.com: https://support.apple.com/en-us/121250 seclists.org: http://seclists.org/fulldisclosure/2024/Sep/37 seclists.org: http://seclists.org/fulldisclosure/2024/Sep/36 seclists.org: http://seclists.org/fulldisclosure/2024/Sep/33 seclists.org: http://seclists.org/fulldisclosure/2024/Sep/32