CVE-2014-1826

{"id": "CVE-2014-1826", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-03-26T10:55:05.240", "references": [{"url": "http://www.madirish.net/559", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la aplicaci\u00f3n iThoughtsHD 4.19 para iOS en dispositivos iPad, cuando la funcionalidad WiFi Transfer es utilizada, permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un nombre de mapa manipulado."}], "lastModified": "2014-03-26T18:11:18.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ithoughts:ithoughtshd:4.19:*:*:*:*:iphone_os:ipad:*", "vulnerable": true, "matchCriteriaId": "AE1B585C-3B65-4E32-987D-BF1C44AF6C5F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}