The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached o...
7.5CVSS
7.5AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
5.4CVSS
5.4AI Score
0.001EPSS