CVE-2014-1826 : Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer fea

Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.

Published 2014-03-26 10:55:05

Updated 2014-03-26 18:11:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2014-1826

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1826

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:P/A:N	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-1826

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1826

http://www.madirish.net/559

Mad Irish :: iThoughts Multiple Vulnerabilities
Exploit

CVEs referencing this url

Products affected by CVE-2014-1826

Ithoughts » Ithoughtshd » Version: 4.19 For Iphone Os For Ipad
cpe:2.3:a:ithoughts:ithoughtshd:4.19:*:*:*:*:iphone_os:ipad:*
Matching versions

Vulnerability Details : CVE-2014-1826

Exploit prediction scoring system (EPSS) score for CVE-2014-1826

CVSS scores for CVE-2014-1826

CWE ids for CVE-2014-1826

References for CVE-2014-1826

Products affected by CVE-2014-1826