Sign-up

ID

VAR-201309-0408


CVE

CVE-2013-5129


TITLE

Apple iOS Used in etc. WebKit Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-004231

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. Apple iOS Used in etc. Apple iOS for iPhone, iPod touch, and iPad is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Trust: 2.07

sources: NVD: CVE-2013-5129 // JVNDB: JVNDB-2013-004231 // BID: 62537 // VULHUB: VHN-65131 // VULMON: CVE-2013-5129

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:4.3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:6.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:7 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (iphone 4 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:7 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.1 (apple mac os x server v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.1 (apple mac os x v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:6.1 (apple mac os x v10.8.5)

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:6.1.4

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0.1-

Trust: 0.3

vendor:applemodel:iphone ipodtouchscope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphone iphonescope:eqversion:4.0-

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

sources: BID: 62537 // JVNDB: JVNDB-2013-004231 // CNNVD: CNNVD-201309-325 // NVD: CVE-2013-5129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5129
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5129
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-325
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65131
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-5129
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5129
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-65131
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65131 // VULMON: CVE-2013-5129 // JVNDB: JVNDB-2013-004231 // CNNVD: CNNVD-201309-325 // NVD: CVE-2013-5129

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65131 // JVNDB: JVNDB-2013-004231 // NVD: CVE-2013-5129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-325

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-325

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004231

PATCH
title:APPLE-SA-2013-10-22-2url:http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html
Trust: 0.8
title:APPLE-SA-2013-09-18-2url:http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
Trust: 0.8
title:HT6000url:http://support.apple.com/kb/HT6000
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934
Trust: 0.8
title:HT6000url:http://support.apple.com/kb/HT6000?viewlocale=ja_JP
Trust: 0.8
title:HT5934url:http://support.apple.com/kb/HT5934?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004231

EXTERNAL IDS
db:NVDid:CVE-2013-5129
Trust: 2.9
db:SECTRACKid:1029054
Trust: 1.2
db:SECUNIAid:54886
Trust: 1.2
db:JVNid:JVNVU98681940
Trust: 0.8
db:JVNid:JVNVU95174988
Trust: 0.8
db:JVNDBid:JVNDB-2013-004231
Trust: 0.8
db:CNNVDid:CNNVD-201309-325
Trust: 0.7
db:APPLEid:APPLE-SA-2013-09-18-2
Trust: 0.6
db:BIDid:62537
Trust: 0.4
db:VULHUBid:VHN-65131
Trust: 0.1
db:VULMONid:CVE-2013-5129
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65131 // 
            
            
            
            VULMON: CVE-2013-5129 // 
            
            
            
            BID: 62537 // 
            
            
            
            JVNDB: JVNDB-2013-004231 // 
            
            
            
            CNNVD: CNNVD-201309-325 // 
            
            
            
            NVD: CVE-2013-5129

REFERENCES
url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html
Trust: 1.8
url:http://support.apple.com/kb/ht5934
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2013/oct/msg00003.html
Trust: 1.2
url:http://www.securitytracker.com/id/1029054
Trust: 1.2
url:http://secunia.com/advisories/54886
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5129
Trust: 0.8
url:http://jvn.jp/cert/jvnvu98681940/index.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu95174988/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5129
Trust: 0.8
url:http://www.apple.com/iphone/softwareupdate/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65131 // 
            
            
            
            VULMON: CVE-2013-5129 // 
            
            
            
            BID: 62537 // 
            
            
            
            JVNDB: JVNDB-2013-004231 // 
            
            
            
            CNNVD: CNNVD-201309-325 // 
            
            
            
            NVD: CVE-2013-5129

CREDITS
Mario Heiderich
Trust: 0.3
sources:
            
            
            BID: 62537

SOURCES
db:VULHUBid:VHN-65131
db:VULMONid:CVE-2013-5129
db:BIDid:62537
db:JVNDBid:JVNDB-2013-004231
db:CNNVDid:CNNVD-201309-325
db:NVDid:CVE-2013-5129

LAST UPDATE DATE
2025-04-11T20:06:33.820000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65131date:2013-10-31T00:00:00
db:VULMONid:CVE-2013-5129date:2013-10-31T00:00:00
db:BIDid:62537date:2013-10-24T00:30:00
db:JVNDBid:JVNDB-2013-004231date:2013-11-11T00:00:00
db:CNNVDid:CNNVD-201309-325date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5129date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65131date:2013-09-19T00:00:00
db:VULMONid:CVE-2013-5129date:2013-09-19T00:00:00
db:BIDid:62537date:2013-09-18T00:00:00
db:JVNDBid:JVNDB-2013-004231date:2013-09-24T00:00:00
db:CNNVDid:CNNVD-201309-325date:2013-09-23T00:00:00
db:NVDid:CVE-2013-5129date:2013-09-19T10:27:56.443