The host is installed with Apple iTunes before 12.9 or Apple iCloud before 7.7 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fail to properly handle the URL validation. Successful exploitation could allow attackers to execute scripts in the context of another website.