VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kh8b-a2kd-5yhm

Essentials
Severities (47)
References (27)
Severity details (31)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kh8b-a2kd-5yhm
Aliases	CVE-2024-40785
Summary	This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40785.json
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
epss	0.00846	https://api.first.org/data/v1/epss?cve=CVE-2024-40785
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/15
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/15
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/16
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/16
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/17
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/17
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/18
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/18
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/21
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/21
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/22
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/22
cvssv3.1	6.1	http://seclists.org/fulldisclosure/2024/Jul/23
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jul/23
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2024-40785
cvssv3.1	6.1	https://support.apple.com/en-us/HT214116
ssvc	Track	https://support.apple.com/en-us/HT214116
cvssv3.1	6.1	https://support.apple.com/en-us/HT214117
ssvc	Track	https://support.apple.com/en-us/HT214117
cvssv3.1	6.1	https://support.apple.com/en-us/HT214119
ssvc	Track	https://support.apple.com/en-us/HT214119
cvssv3.1	6.1	https://support.apple.com/en-us/HT214121
ssvc	Track	https://support.apple.com/en-us/HT214121
cvssv3.1	6.1	https://support.apple.com/en-us/HT214122
ssvc	Track	https://support.apple.com/en-us/HT214122
cvssv3.1	6.1	https://support.apple.com/en-us/HT214123
ssvc	Track	https://support.apple.com/en-us/HT214123
cvssv3.1	6.1	https://support.apple.com/en-us/HT214124
ssvc	Track	https://support.apple.com/en-us/HT214124

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40785.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-40785
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40785
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
15		http://seclists.org/fulldisclosure/2024/Jul/15
16		http://seclists.org/fulldisclosure/2024/Jul/16
17		http://seclists.org/fulldisclosure/2024/Jul/17
18		http://seclists.org/fulldisclosure/2024/Jul/18
21		http://seclists.org/fulldisclosure/2024/Jul/21
22		http://seclists.org/fulldisclosure/2024/Jul/22
23		http://seclists.org/fulldisclosure/2024/Jul/23
2302068		https://bugzilla.redhat.com/show_bug.cgi?id=2302068
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2024-40785		https://nvd.nist.gov/vuln/detail/CVE-2024-40785
HT214116		https://support.apple.com/en-us/HT214116
HT214117		https://support.apple.com/en-us/HT214117
HT214119		https://support.apple.com/en-us/HT214119
HT214121		https://support.apple.com/en-us/HT214121
HT214122		https://support.apple.com/en-us/HT214122
HT214123		https://support.apple.com/en-us/HT214123
HT214124		https://support.apple.com/en-us/HT214124

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40785.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/15

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/15

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/16

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/16

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/17

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/17

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/18

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/21

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/22

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/22

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2024/Jul/23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at http://seclists.org/fulldisclosure/2024/Jul/23

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-40785

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214116

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214116

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214117

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214117

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214119

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214119

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214121

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214121

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214122

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214122

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214123

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214123

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://support.apple.com/en-us/HT214124

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T14:53:29Z/ Found at https://support.apple.com/en-us/HT214124

Exploit Prediction Scoring System (EPSS)

Percentile	0.73886
EPSS Score	0.00846
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:14:36.455824+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/40xxx/CVE-2024-40785.json	37.0.0