3 matches found
CVE-2018-12638
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app...
CVE-2018-12638
The CVE-2018-12638 entry concerns Bose Soundtouch for iOS version 18.1.4 where there is no frontend input validation of the device name. The underlying cause is reflected in multiple sources as a Cross‑Site Scripting risk: a malicious device name can cause JavaScript to execute in the registered ...
Base Soundtouch 18.1.4 Cross Site Scripting
CWE-80 XSS Bose Soundtouch App Internal reference: - Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 18.1.4 and maybe older versions, too not tested Vulnerable component: IOS Frontend of the application Report confidence: Unconfirmed Solution status: Could be fixed by vendor?...