Medium severity6.1NVD Advisory· Published Mar 21, 2019· Updated Jun 17, 2026
CVE-2018-12638
CVE-2018-12638
Description
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =18.1.4
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/151018/Base-Soundtouch-18.1.4-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2019/Jan/16nvdExploitMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.