Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistASUSTOR1CVELIST:CVE-2023-2509
HistoryMay 17, 2023 - 6:33 a.m.

CVE-2023-2509 A Cross-Site Scripting(XSS) vulnerability was found on ADM

2023-05-1706:33:37
CWE-79
ASUSTOR1
www.cve.org
1
cross-site scripting
vulnerability
adm
looksgood
soundsgood
cookies
sensitive information

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

18.3%

JSON

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Web Center",
    "platforms": [
      "Linux",
      "x86",
      "64 bit",
      "ARM"
    ],
    "product": "ADM",
    "vendor": "ASUSTOR",
    "versions": [
      {
        "lessThanOrEqual": "4.0.6.REG2",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.1.0.RLQ1",
        "status": "affected",
        "version": "4.1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.2.1.RGE2",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "LooksGood",
    "vendor": "ASUSTOR",
    "versions": [
      {
        "lessThanOrEqual": "2.0.0.R129",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "SoundsGood",
    "vendor": "ASUSTOR",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0.r1027",
        "status": "affected",
        "version": "2.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cve 1
nvd
nvd
CVE-2023-2509
2023-05-17 07:15:08
prion
prion
Cross site scripting
2023-05-17 07:15:00
cve
cve
CVE-2023-2509
2023-05-17 07:15:08

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

18.3%

JSON
Related for CVELIST:CVE-2023-2509
nvd1prion1cve1