The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html | Third Party Advisory |
Configurations
History
16 Aug 2024, 20:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Asus download Master
Asus |
|
References | () https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:* |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 04:15
Updated : 2024-08-16 20:27
NVD link : CVE-2024-31159
Mitre link : CVE-2024-31159
CVE.ORG link : CVE-2024-31159
JSON object : View
Products Affected
asus
- download_master
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')