CVE-2023-40451
HIGH8.8EPSS 0.21%Published: 9/27/2023Modified: 4/28/2026
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
Affected packages (2)
- Debian/webkit2gtkfrom 0, < 2.40.5-1~deb11u1
- Debian/wpewebkitfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |