E20-0xgs1
CVSS:
6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
False Positive:
f
Variants:
1
Year:
2019
Description
This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript so that a cross-origin object is placed into the prototype chain of a regular object, triggering the invocation of a cross-origin setter. If the setter throws an exception, the exception can potentially be leaked, allowing access to another window's function constructor and turning the bug into a UXSS attack.
CVE
https://code.google.com/p/google-security-research/issues/detail?id=1914