CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/151018/Base-Soundtouch-18.1.4-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2019/Jan/16
http://packetstormsecurity.com/files/151018/Base-Soundtouch-18.1.4-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2019/Jan/16

Products affected by CVE-2018-12638

Bose » Soundtouch » Version: 18.1.4

cpe:2.3:a:bose:soundtouch:18.1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12638

Products

Pricing

Contact Us