CVE-2023-2509

Published: May 17, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.

Affected (10)

Products: Asustor: Adm, Looksgood, Soundsgood

3 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Asustor Adm	Version 4.0.0
Asustor Adm	Version 4.0.6 reg2
Asustor Adm	Version 4.1.0
Asustor Adm	Version 4.1.0 rlq1
Asustor Adm	Version 4.2.1
Asustor Adm	Version 4.2.1 rge2
Asustor Looksgood	Version 2.0.0
Asustor Looksgood	Version 2.0.0 r129
Asustor Soundsgood	Version 2.3.0
Asustor Soundsgood	Version 2.3.0 r1027

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.asustor.com/security/security_advisory_detail?id=22

Source: security@asustor.com

Vendor Advisory

https://www.asustor.com/security/security_advisory_detail?id=22

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.