CVE-2016-4758
- Source
- https://cve.org/CVERecord?id=CVE-2016-4758
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4758.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-4758
- Downstream
- Related
- Published
- 2016-09-25T10:59:52.830Z
- Modified
- 2026-03-15T22:08:07.789534Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
- References
-
- http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
- http://www.securityfocus.com/bid/93066
- http://www.securitytracker.com/id/1036854
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- https://support.apple.com/HT207157
- https://support.apple.com/HT207158
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
- https://support.apple.com/HT207143
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.4.3"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4758.json"