{"api_version":"1","generated_at":"2026-05-15T05:59:40+00:00","cve":"CVE-2019-6228","urls":{"html":"https://cve.report/CVE-2019-6228","api":"https://cve.report/api/cve/CVE-2019-6228.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6228","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6228"},"summary":{"title":"CVE-2019-6228","description":"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-03-05 16:29:00","updated_at":"2019-03-06 14:18:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106692","name":"106692","refsource":"BID","tags":["Third Party Advisory"],"title":"Apple Safari and iOS CVE-2019-6228 Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT209449","name":"https://support.apple.com/HT209449","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of Safari 12.0.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/HT209443","name":"https://support.apple.com/HT209443","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 12.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6228","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6228","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6228","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6228","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6228","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6228","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2019-6228","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"iOS 12.1.3"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_value":"Safari 12.0.3"}]}}]},"vendor_name":"Apple"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to a cross site scripting attack"}]}]},"references":{"reference_data":[{"name":"https://support.apple.com/HT209443","refsource":"CONFIRM","url":"https://support.apple.com/HT209443"},{"name":"https://support.apple.com/HT209449","refsource":"CONFIRM","url":"https://support.apple.com/HT209449"},{"name":"106692","refsource":"BID","url":"http://www.securityfocus.com/bid/106692"}]}},"nvd":{"publishedDate":"2019-03-05 16:29:00","lastModifiedDate":"2019-03-06 14:18:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"12.0.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6228","Ordinal":"143899","Title":"CVE-2019-6228","CVE":"CVE-2019-6228","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6228","Ordinal":"1","NoteData":"A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6228","Ordinal":"2","NoteData":"2019-03-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6228","Ordinal":"3","NoteData":"2019-03-06","Type":"Other","Title":"Modified"}]}}}