PT-2025-12776 · Asustor · Adm
Engin Aydoğan · Published 2025-03-25 · Updated 2025-07-18 · CVE-2025-7380
CVSS v4.0: 4.8 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
ADM versions 4.1.0 through 4.3.3.RH61
ADM version 5.0.0.RIN1 and earlier
Description:
A stored Cross-Site Scripting (XSS) issue exists in the Access Control of ADM. The vulnerability allows an attacker to inject malicious scripts into the folder name field when creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is displayed in the user interface. This allows attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive data.
Recommendations:
Update ADM to a version later than 5.0.0.RIN1.
Update ADM to a version later than 4.3.3.RH61.
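The class of fix for the stored XSS described above, shown as an added example that is not ADM source code or Asustor's patch. The function names, the allowed-character policy and the sample folder names are assumptions constructed for illustration.

```javascript
// Added example: hypothetical names throughout; this is not ADM source code.

// Encode the five characters that can change HTML parsing context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check at folder creation (assumed policy): letters, digits,
// space, dot, underscore and hyphen, 1 to 64 characters, no leading dot.
function isValidFolderName(name) {
  return typeof name === "string" && /^(?!\.)[\p{L}\p{N} ._-]{1,64}$/u.test(name);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is.
function renderFolderRowUnsafe(folder) {
  return `<tr><td title="${folder.name}">${folder.name}</td></tr>`;
}

// Hardened pattern: encode at output, in both attribute and element context,
// so names stored before the input check existed are also rendered inertly.
function renderFolderRow(folder) {
  const safe = escapeHtml(folder.name);
  return `<tr><td title="${safe}">${safe}</td></tr>`;
}

// Constructed sample records, as they might come back from storage.
const SAMPLE_FOLDERS = [
  { name: "Backups_2025" },
  { name: 'Media"><script>alert(1)</script>' },
];

// Summarise how each sample fares under validation and both renderers.
function demo() {
  return SAMPLE_FOLDERS.map((f) => ({
    accepted: isValidFolderName(f.name),
    unsafeHasScriptTag: renderFolderRowUnsafe(f).includes("<script>"),
    safeHasScriptTag: renderFolderRow(f).includes("<script>"),
    safeHtml: renderFolderRow(f),
  }));
}

console.log(demo());
```

Output encoding is the control that neutralises names already stored on a system; the creation-time check only stops new ones.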
Fix
XSS
Affected Products
Adm