Aggregates CVE and security vulnerability intelligence across all ithoughts-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact unexpected behavior and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-1828 | The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file. | [email protected] | 4.3 | 0.41% | 2014-03-26 | 2026-05-06 |
| CVE-2014-1827 | The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file. | [email protected] | 4.3 | 0.24% | 2014-03-26 | 2026-05-06 |
| CVE-2014-1826 | Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name. | [email protected] | 2.6 | 0.22% | 2014-03-26 | 2026-05-06 |