Lucene search
TwcertCVE-2024-31160HistoryJun 14, 2024 - 4:15 a.m.
CVE-2024-31160
2024-06-1404:15:42
CWE-79
twcert
web.nvd.nist.gov
25
cve-2024-31160
parameter filtering
user input
remote attacker
javascript code
stored xss
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
Affected configurations
Node
asusdownload_masterRange<3.1.0.114
| Vendor | Product | Version | CPE |
|---|---|---|---|
| asus | download_master | * | cpe:2.3:a:asus:download_master:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Download Master",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.1.0.113",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2024-31160 ASUS Download Master - Stored XSS
2024-06-14 03:41:21
nvd
nvd
CVE-2024-31160
2024-06-14 04:15:42
vulnrichment
vulnrichment
CVE-2024-31160 ASUS Download Master - Stored XSS
2024-06-14 03:41:21
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVE-2024-31160