CVE-2017-17749
Bose SoundTouch devices are affected by a cross-site scripting (XSS) vulnerability triggered by specially crafted song data from a music service (e.g., Pandora). The issue arises in the handling of metadata or payload within song data, enabling an attacker-controlled input to be interpreted as ex...