A vulnerability in AirDroid application which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network allow hackers to perform Dos attack from your Android device.
Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker is able to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.
According to advisory posted by US-Cert, When this message is viewed on the AirDroid web interface an attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service on the host computer.
Vulnerability is currently not patched and also AirDroid team didn't annouce any update regarding fix. As a general good security practice, only allow connections from trusted hosts and networks.
Flaw registered as CVE-2013-0134, and restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.
