CVE-2014-1750

Name of the Vulnerable Software and Affected Versions Nokia Maps & Places plugin version 1.6.6

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the href parameter to the "page/place.html" endpoint. Initially, it was reported as a cross-site scripting (XSS) vulnerability, but this classification may be inaccurate.

Recommendations For Nokia Maps & Places plugin version 1.6.6, consider disabling the href parameter in the "page/place.html" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the href parameter in the affected endpoint until the issue is resolved.