Lucene search

[email protected]NVD:CVE-2023-34360

HistoryJul 31, 2023 - 6:15 a.m.

CVE-2023-34360

2023-07-3106:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-34360

cross-site scripting

asus rt-ax88u

firmware

image upload

javascript

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.

Affected configurations

NVD

Node

asusrt-ax88u_firmwareRange≤3.0.0.4.388.23110

AND

asusrt-ax88uMatch-

References

https://www.twcert.org.tw/tw/cp-132-7281-dc87d-1.html