cbcvebase.
CVE-2023-2509
published 2023-05-17

CVE-2023-2509: A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious…

PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.34%
25.6th percentile
A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.

Affected

11 ranges
VendorProductVersion rangeFixed in
asustoradm
asustoradm
asustoradm
asustoradm
asustoradm4.0 – 4.0.6.REG2
asustoradm4.1 – 4.1.0.RLQ1
asustoradm4.2 – 4.2.1.RGE2
asustorlooksgood
asustorlooksgood2.0 – 2.0.0.R129
asustorsoundsgood
asustorsoundsgood2.3 – 2.3.0.r1027

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_oracle7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.