Vulnerabilities > Asus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-31159 | Cross-site Scripting vulnerability in Asus Download Master The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. | 4.8 |
| 2024-06-14 | CVE-2024-31160 | Cross-site Scripting vulnerability in Asus Download Master The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. | 4.8 |
| 2023-07-31 | CVE-2023-34360 | Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code. | 5.4 |
| 2023-06-13 | CVE-2023-31195 | Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ax3000 Firmware ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. | 5.3 |
| 2023-06-12 | CVE-2023-34941 | Cross-site Scripting vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. | 5.4 |
| 2023-05-02 | CVE-2023-29772 | Cross-site Scripting vulnerability in Asus Rt-Ac51U Firmware 3.0.0.4.380.8228/3.0.0.4.380.8591 A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 5.2 |
| 2022-10-18 | CVE-2022-36439 | Unspecified vulnerability in Asus products AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. | 6.0 |
| 2022-09-28 | CVE-2022-38699 | Link Following vulnerability in Asus Armoury Crate Service 5.1.5.0 Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. | 5.9 |
| 2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |
| 2022-07-01 | CVE-2022-32988 | Cross-site Scripting vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805 Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. | 5.4 |