Lucene search
TwcertCVELIST:CVE-2024-31160HistoryJun 14, 2024 - 3:41 a.m.
CVE-2024-31160 ASUS Download Master - Stored XSS
2024-06-1403:41:21
CWE-79
twcert
www.cve.org
asus download master
stored xss
cve-2024-31160
cross-site scripting
administrative privilege
remote attacker
javascript code
parameter filtering
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.0%
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Download Master",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "3.1.0.113",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
}
]
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.0%
Related for CVELIST:CVE-2024-31160