CVE-2024-31159

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 55.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Download Master
Timeline
PublishedJun 14

Description

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDasus/download_master< 3.1.0.114
CVEListV5asus/download_masterearlier3.1.0.113

🔴Vulnerability Details

2
GHSA
GHSA-xrp8-g9fj-ww86: The parameter used in the certain page of ASUS Download Master is not properly filtered for user input2024-06-14
CVEList
ASUS Download Master - Reflected XSS2024-06-14
CVE-2024-31159 (MEDIUM CVSS 4.8) | The parameter used in the certain p | cvebase.io