CVE-2018-12638

An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
Configurations

Configuration 1

cpe:2.3:a:bose:soundtouch:18.1.4:*:*:*:*:iphone_os:*:*

Information

Published : 2019-03-21 04:00

Updated : 2019-03-21 06:54


NVD link : CVE-2018-12638

Mitre link : CVE-2018-12638

Products Affected
No products.
CWE