{"alias":[],"description":"Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.","epss":{"percentile":"0.43462","score":"0.002110"},"id":"CVE-2016-1763","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"SINGLE","availability_impact":"NONE","base_score":3.5,"base_severity":"LOW","confidentiality_impact":"PARTIAL","exploitability_score":6.8,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:S\/C:P\/I:N\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"NONE","base_score":3.5,"base_severity":"LOW","confidentiality_impact":"LOW","exploitability_score":2.1,"impact_score":1.4,"integrity_impact":"NONE","privileges_required":"LOW","scope":"UNCHANGED","user_interaction":"REQUIRED","vector_string":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:N\/A:N","version":"3.0"}},"modified":"2026-05-06T22:30:45","nvd_status":"Modified","published":"2016-03-24T01:59:31","score":3.5,"severity":"LOW","source":"product-security@apple.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-20","name":"Improper Input Validation","type":"weakness"}]}