Fwd: [CIVN-2020-0441] Cross-site script vulnerability in Apple Server

1 year ago 69

Severity Rating: HIGH

Software Affected

Apple macOS server version prior to 5.10

Overview

A vulnerability has been reported in Apple macOS server which could allow a

remote attacker to obtain sensitive information and execute arbitrary code

on the targeted system.

Description

This vulnerability exist in Apple macOS server due to insufficient

sanitization of user-supplied data. A remote attacker could exploit this

vulnerability by sending a specially crafted HTML link.  

Successful exploitation of this vulnerability could allow a remote attacker

to gain access sensitive information, change appearance of the web page and

perform phishing attacks on the targeted system.

Solution

Apply appropriate updates as mentioned in Apple Security Advisory HT211932 

Vendor Information

Apple

References

Apple

CVE Name

CVE-2020-9995

About Cert Advisory

Related Posts

Read Entire Article