PT-2018-10501 · Asustor · Asustor Soundsgood
Matthew Fulton
·
Published
2018-05-22
·
Updated
2019-03-20
·
CVE-2018-11343
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ASUSTOR SoundsGood (affected versions not specified)
Description
A persistent cross-site scripting issue in the playlistmanger.cgi component of the ASUSTOR SoundsGood application allows attackers to store cross-site scripting payloads via the
playlist parameter in POST requests.Recommendations
For the affected version, consider restricting access to the
playlistmanger.cgi component until a patch is available. As a temporary workaround, avoid using the playlist parameter in POST requests to the vulnerable endpoint.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asustor Soundsgood