ID

VAR-201309-0409


CVE

CVE-2013-5131


TITLE

WebKit, as used in Apple iOS and other products, is vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-004232

DESCRIPTION

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Apple iOS for iPhone, iPod touch, and iPad is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Note: This issue was previously covered in BID 62491 (Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities), but has been given its own record to better document it. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.

Trust: 1.98

sources: NVD: CVE-2013-5131 // JVNDB: JVNDB-2013-004232 // BID: 62541 // VULHUB: VHN-65133

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 1.1.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.0.0

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.5

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.4

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.0.2

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.1.3

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 1.0.1

Trust: 1.6

vendor: apple, model: iphone os, scope: eq, version: 4.3.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 5.1.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 5.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.3.3

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.3.5

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: lte, version: 6.1.4

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.1.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.1.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1.3

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 5.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.2.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.2.5

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.2.2

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 6.1.3

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.3.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.3.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 2.0

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 4.2.8

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 5.0.1

Trust: 1.0

vendor: apple, model: iphone os, scope: eq, version: 3.1.2

Trust: 1.0

vendor: apple, model: ios, scope: lt, version: 7 (ipad 2 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7 (iphone 4 or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 7 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 6.1 (apple mac os x server v10.7.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 6.1 (apple mac os x v10.7.5)

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: 6.1 (apple mac os x v10.8.5)

Trust: 0.8

vendor: apple, model: iphone os, scope: eq, version: 6.1.4

Trust: 0.6

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.3.0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: iphone ipodtouch, scope: eq, version: 4.0.1-

Trust: 0.3

vendor: apple, model: iphone iphone, scope: eq, version: 4.0.1-

Trust: 0.3

vendor: apple, model: iphone ipodtouch, scope: eq, version: 4.0-

Trust: 0.3

vendor: apple, model: iphone iphone, scope: eq, version: 4.0-

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 62541 // JVNDB: JVNDB-2013-004232 // CNNVD: CNNVD-201309-326 // NVD: CVE-2013-5131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5131
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5131
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-326
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65133
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5131
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65133
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65133 // JVNDB: JVNDB-2013-004232 // CNNVD: CNNVD-201309-326 // NVD: CVE-2013-5131

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65133 // JVNDB: JVNDB-2013-004232 // NVD: CVE-2013-5131

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-326

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-326

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004232

PATCH

title: APPLE-SA-2013-10-22-2, url: http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html

Trust: 0.8

title: APPLE-SA-2013-09-18-2, url: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html

Trust: 0.8

title: HT6000, url: http://support.apple.com/kb/HT6000

Trust: 0.8

title: HT5934, url: http://support.apple.com/kb/HT5934

Trust: 0.8

title: HT6000, url: http://support.apple.com/kb/HT6000?viewlocale=ja_JP

Trust: 0.8

title: HT5934, url: http://support.apple.com/kb/HT5934?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2013-004232

EXTERNAL IDS

db: NVD, id: CVE-2013-5131

Trust: 2.8

db: SECTRACK, id: 1029054

Trust: 1.1

db: SECUNIA, id: 54886

Trust: 1.1

db: JVN, id: JVNVU98681940

Trust: 0.8

db: JVN, id: JVNVU95174988

Trust: 0.8

db: JVNDB, id: JVNDB-2013-004232

Trust: 0.8

db: CNNVD, id: CNNVD-201309-326

Trust: 0.7

db: APPLE, id: APPLE-SA-2013-09-18-2

Trust: 0.6

db: BID, id: 62541

Trust: 0.4

db: VULHUB, id: VHN-65133

Trust: 0.1

sources: VULHUB: VHN-65133 // BID: 62541 // JVNDB: JVNDB-2013-004232 // CNNVD: CNNVD-201309-326 // NVD: CVE-2013-5131

REFERENCES

url:http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html

Trust: 1.7

url:http://support.apple.com/kb/ht5934

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2013/oct/msg00003.html

Trust: 1.1

url:http://www.securitytracker.com/id/1029054

Trust: 1.1

url:http://secunia.com/advisories/54886

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5131

Trust: 0.8

url:http://jvn.jp/cert/jvnvu98681940/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu95174988/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5131

Trust: 0.8

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

sources: VULHUB: VHN-65133 // BID: 62541 // JVNDB: JVNDB-2013-004232 // CNNVD: CNNVD-201309-326 // NVD: CVE-2013-5131

CREDITS

Erling A Ellingsen

Trust: 0.3

sources: BID: 62541

SOURCES

db: VULHUB, id: VHN-65133
db: BID, id: 62541
db: JVNDB, id: JVNDB-2013-004232
db: CNNVD, id: CNNVD-201309-326
db: NVD, id: CVE-2013-5131

LAST UPDATE DATE

2025-04-11T19:41:47.827000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65133, date: 2013-10-31T00:00:00
db: BID, id: 62541, date: 2013-10-24T00:50:00
db: JVNDB, id: JVNDB-2013-004232, date: 2013-11-11T00:00:00
db: CNNVD, id: CNNVD-201309-326, date: 2013-09-23T00:00:00
db: NVD, id: CVE-2013-5131, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65133, date: 2013-09-19T00:00:00
db: BID, id: 62541, date: 2013-09-18T00:00:00
db: JVNDB, id: JVNDB-2013-004232, date: 2013-09-24T00:00:00
db: CNNVD, id: CNNVD-201309-326, date: 2013-09-23T00:00:00
db: NVD, id: CVE-2013-5131, date: 2013-09-19T10:27:56.477