{"api_version":"1","generated_at":"2026-04-22T20:52:13+00:00","cve":"CVE-2021-1825","urls":{"html":"https://cve.report/CVE-2021-1825","api":"https://cve.report/api/cve/CVE-2021-1825.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-1825","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-1825"},"summary":{"title":"CVE-2021-1825","description":"An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2021-09-08 15:15:00","updated_at":"2021-09-16 14:24:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT212325","name":"https://support.apple.com/en-us/HT212325","refsource":"MISC","tags":[],"title":"About the security content of macOS Big Sur 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324","refsource":"MISC","tags":[],"title":"About the security content of watchOS 7.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323","refsource":"MISC","tags":[],"title":"About the security content of tvOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212321","name":"https://support.apple.com/en-us/HT212321","refsource":"MISC","tags":[],"title":"About the security content of iCloud for Windows 12.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212319","name":"https://support.apple.com/en-us/HT212319","refsource":"MISC","tags":[],"title":"About the security content of iTunes 12.11.3 for Windows - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317","refsource":"MISC","tags":[],"title":"About the security content of iOS 14.5 and iPadOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212318","name":"https://support.apple.com/en-us/HT212318","refsource":"MISC","tags":[],"title":"About the security content of Safari 14.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-1825","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1825","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"icloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"itunes","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"safari","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-1825","qid":"180431","title":"Debian Security Update for wpewebkitwebkit2gtk (CVE-2021-1825)"},{"cve":"CVE-2021-1825","qid":"296065","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)"},{"cve":"CVE-2021-1825","qid":"355438","title":"Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088"},{"cve":"CVE-2021-1825","qid":"375503","title":"Apple MacOS Big Sur 11.3 Not Installed (HT212325)"},{"cve":"CVE-2021-1825","qid":"375506","title":"Apple iCloud for Windows Prior to 12.3 Multiple Vulnerabilities(HT212321)"},{"cve":"CVE-2021-1825","qid":"375508","title":"Apple iTunes for Windows Prior to 12.11.3 Multiple Vulnerabilities (HT212319)"},{"cve":"CVE-2021-1825","qid":"375509","title":"Apple Safari Multiple Vulnerabilities (HT212318)"},{"cve":"CVE-2021-1825","qid":"376650","title":"Apple iTunes for Windows Prior to 12.11.3 Vulnerabilities (HT212319)"},{"cve":"CVE-2021-1825","qid":"501938","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2021-1825","qid":"505515","title":"Alpine Linux Security Update for webkit2gtk"},{"cve":"CVE-2021-1825","qid":"610334","title":"Apple iOS 14.5 and iPadOS 14.5 Security Update Missing (HT212317)"},{"cve":"CVE-2021-1825","qid":"710570","title":"Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 202202-01)"},{"cve":"CVE-2021-1825","qid":"751623","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0142-1)"},{"cve":"CVE-2021-1825","qid":"751646","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0183-1)"},{"cve":"CVE-2021-1825","qid":"751648","title":"SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0182-1)"},{"cve":"CVE-2021-1825","qid":"751659","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-1)"},{"cve":"CVE-2021-1825","qid":"751755","title":"OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-2)"},{"cve":"CVE-2021-1825","qid":"960096","title":"Rocky Linux Security Update for GNOME (RLSA-2021:1586)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-1825","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"Safari","version":{"version_data":[{"version_affected":"<","version_value":"14.1"}]}},{"product_name":"iTunes for Windows","version":{"version_data":[{"version_affected":"<","version_value":"12.11"}]}},{"product_name":"iCloud for Windows","version":{"version_data":[{"version_affected":"<","version_value":"12.3"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"7.4"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"11.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Processing maliciously crafted web content may lead to a cross site scripting attack"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212325","name":"https://support.apple.com/en-us/HT212325"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212318","name":"https://support.apple.com/en-us/HT212318"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212319","name":"https://support.apple.com/en-us/HT212319"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212321","name":"https://support.apple.com/en-us/HT212321"}]},"description":{"description_data":[{"lang":"eng","value":"An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack."}]}},"nvd":{"publishedDate":"2021-09-08 15:15:00","lastModifiedDate":"2021-09-16 14:24:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"14.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"1825","Ordinal":"192914","Title":"CVE-2021-1825","CVE":"CVE-2021-1825","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"1825","Ordinal":"1","NoteData":"An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"1825","Ordinal":"2","NoteData":"2021-09-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"1825","Ordinal":"3","NoteData":"2021-09-08","Type":"Other","Title":"Modified"}]}}}