CVE-2023-2509
Published 2023-05-17
Priority: P4 · 25 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (25.6th percentile)
A Cross-Site Scripting (XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below, as well as ADM 4.2.1.RGE2 and below; LooksGood 2.0.0.R129 and below; and SoundsGood 2.3.0.r1027 and below.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asustor | adm | — | — |
| asustor | adm | — | — |
| asustor | adm | — | — |
| asustor | adm | — | — |
| asustor | adm | 4.0 – 4.0.6.REG2 | — |
| asustor | adm | 4.1 – 4.1.0.RLQ1 | — |
| asustor | adm | 4.2 – 4.2.1.RGE2 | — |
| asustor | looksgood | — | — |
| asustor | looksgood | 2.0 – 2.0.0.R129 | — |
| asustor | soundsgood | — | — |
| asustor | soundsgood | 2.3 – 2.3.0.r1027 | — |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_oracle · 7.5 HIGH
GHSA
GHSA-69cg-q6pw-v79j: A Cross-Site Scripting (XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps
ghsa_unreviewed·2023-05-17
CVE-2023-2509 [MEDIUM] CWE-79 GHSA-69cg-q6pw-v79j: A Cross-Site Scripting (XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps
Oracle
Oracle Oracle Communications Risk Matrix: Policy (Oracle Linux) — CVE-2022-2509
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-2509 [HIGH] Oracle Oracle Communications Risk Matrix: Policy (Oracle Linux) — CVE-2022-2509
Oracle Oracle Communications Risk Matrix: Policy (Oracle Linux) vulnerability
CVE: CVE-2022-2509
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-17: Published