CVE-2023-2509 HIGH

CVE-2023-2509: A Cross-Site Scripting(XSS) vulnerability was found on ADM

Vendor Asustor

Product ADM

Weakness CWE-79 · XSS

Published May 17, 2023

Last update January 22, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.

Key dates

02Disclosure timeline

May 17, 2023 CVE published

January 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2509 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2023-2509

CWE CWE-79

CVSS 7.1 / HIGH

Affected versions

Vendor Asustor

Product ADM

Affected ≥ 4.0 and ≤ 4.0.6.REG2

Vendor Asustor

Product ADM

Affected ≥ 4.1 and ≤ 4.1.0.RLQ1

Vendor Asustor

Product ADM

Affected ≥ 4.2 and ≤ 4.2.1.RGE2

Vendor Asustor

Product LooksGood

Affected ≥ 2.0 and ≤ 2.0.0.R129

Vendor Asustor

Product SoundsGood

Affected ≥ 2.3 and ≤ 2.3.0.r1027

CVE-2023-2509: A Cross-Site Scripting(XSS) vulnerability was found on ADM

01Description

02Disclosure timeline

03References

04Related CVE