CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:*

History

16 Aug 2024, 20:27

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html - () https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html - () https://www.twcert.org.tw/tw/cp-132-7863-49a2d-1.html - Third Party Advisory
CPE cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:*
First Time Asus download Master
Asus

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) El parámetro utilizado en determinada página de ASUS Download Master no se filtra correctamente para la entrada del usuario. Un atacante remoto con privilegios administrativos puede insertar código JavaScript en el parámetro para ataques de Cross-Site Scripting Almacenado.

14 Jun 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 04:15

Updated : 2024-08-16 20:27


NVD link : CVE-2024-31160

Mitre link : CVE-2024-31160

CVE.ORG link : CVE-2024-31160


JSON object : View

Products Affected

asus

  • download_master
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')