Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
8.8CVSS
8.4AI Score
0.005EPSS
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
6.1CVSS
6.3AI Score
0.003EPSS