Apple Mac OS X Notes Cross Site Scripting Vulnerabilities
XLAB ID: XLAB-15-002
CVE ID: CVE-2015-5875
Patch Status: Fixed
Vulnerability Details:
When Notes synchronous ICloud data, is not properly filtered data lead to XSS vulnerabilities.A local user may be able to leak sensitive user information.
Disclosure Timeline:
| 2015/3/28 | Provide vulnerability detail to APPLE via product-security@apple.com |
|---|---|
| 2015/3/28 | APPLE automatic reply |
| 2015/3/29 | APPLE responded that they are verifying the proof of concept code |
| 2015/9/30 | APPLE advisory disclosed,CVE-2015-5875 |
Credit:
This vulnerability was discovered by: xisigr