The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html | Third Party Advisory |
Configurations
History
16 Aug 2024, 20:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:* | |
First Time |
Asus download Master
Asus |
17 Jun 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-14 04:15
Updated : 2024-08-16 20:27
NVD link : CVE-2024-31160
Mitre link : CVE-2024-31160
CVE.ORG link : CVE-2024-31160
JSON object : View
Products Affected
asus
- download_master
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')