CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:*

History

16 Aug 2024, 20:27

Type Values Removed Values Added
First Time Asus download Master
Asus
References () https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html - () https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html - () https://www.twcert.org.tw/tw/cp-132-7861-1a06f-1.html - Third Party Advisory
CPE cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:*

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) El parámetro utilizado en determinada página de ASUS Download Master no se filtra correctamente para la entrada del usuario. Un atacante remoto con privilegios administrativos puede insertar código JavaScript en el parámetro para ataques de Cross-site scripting reflejado.

14 Jun 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 04:15

Updated : 2024-08-16 20:27


NVD link : CVE-2024-31159

Mitre link : CVE-2024-31159

CVE.ORG link : CVE-2024-31159


JSON object : View

Products Affected

asus

  • download_master
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')