
AS-2023-004: XSS issue on ADM, LooksGood and SoundsGood

2024-01-24

Severity

Important

Status

Ongoing


Statement

A Cross-Site Scripting (XSS) vulnerability was found in the ADM, LooksGood and SoundsGood apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications and access any cookies or sensitive information retained by the browser and used with that application.

  • The issue has been fixed in ADM 4.2.2.RI61 and ADM 4.0.6.RIS1.
  • The issue has been fixed in LooksGood 2.0.0.R136.

Affected Products

Product | Severity | Fixed Release Availability
ADM 4.2 and 4.1 | Important | Upgrade to ADM 4.2.2.RI61 or above.
ADM 4.0 | Important | Upgrade to 4.0.6.RIS1 or above.
LooksGood | Important | Upgrade to LooksGood 2.0.0.R136 or above.
SoundsGood | Important | Ongoing.

Detail

  • CVE-2023-2509
    • Severity: High
    • CVSS3 Base Score: 7.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
    • A Cross-Site Scripting (XSS) vulnerability was found in the ADM, LooksGood and SoundsGood apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications and access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.

Acknowledgement

Zhiyong Xing, Inner Mongolia Xinyuan Network Security Technology Co., Ltd., China


Revision

Revision | Date | Description
1 | 2023-05-12 | Initial public release.
2 | 2023-05-17 | CVE ID (CVE-2023-2509) is assigned for the issue.
3 | 2023-06-06 | Release ADM 4.2.2.RI61 to fix the issue.
4 | 2023-06-29 | Release ADM 4.0.6.RIS1 to fix the issue.
5 | 2024-01-24 | Release LooksGood 2.0.0.R136 to fix the issue.