Vulnerabilities > Asustor > Data Master
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-27 | CVE-2018-15699 | Cross-site Scripting vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. | 6.1 |
| 2018-08-27 | CVE-2018-15698 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | 6.5 |
| 2018-08-27 | CVE-2018-15697 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. | 6.5 |
| 2018-08-27 | CVE-2018-15696 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. | 4.3 |
| 2018-08-27 | CVE-2018-15695 | Path Traversal vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | 6.5 |
| 2018-08-27 | CVE-2018-15694 | Path Traversal vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. | 7.5 |