CVE-2023-34360
published 2023-07-31CVE-2023-34360: A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | rt-ax88u | – 3.0.0.4.388.23110 | — |
| asus | rt-ax88u_firmware | <= 3.0.0.4.388.23110 | — |