A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
History

Fri, 27 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-07-31T05:32:14.662Z

Updated: 2024-09-27T21:58:28.665Z

Reserved: 2023-06-02T08:28:37.822Z

Link: CVE-2023-34360

cve-icon Vulnrichment

Updated: 2024-08-02T16:10:06.939Z

cve-icon NVD

Status : Modified

Published: 2023-07-31T06:15:09.873

Modified: 2024-11-21T08:07:05.733

Link: CVE-2023-34360

cve-icon Redhat

No data.