Vulnerabilities > Asustor > Data Master > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2023-3699 | Unspecified vulnerability in Asustor Data Master An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. | 5.5 |
| 2023-08-22 | CVE-2023-4475 | Files or Directories Accessible to External Parties vulnerability in Asustor Data Master An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. | 5.5 |
| 2018-12-04 | CVE-2018-12315 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Asustor Data Master 3.1.1 Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. | 6.5 |
| 2018-12-04 | CVE-2018-12311 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | 5.4 |
| 2018-12-04 | CVE-2018-12310 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | 5.4 |
| 2018-12-04 | CVE-2018-12308 | Information Exposure vulnerability in Asustor Data Master 3.1.1 Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. | 6.5 |
| 2018-12-04 | CVE-2018-12305 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 6.1 |
| 2018-08-27 | CVE-2018-15699 | Cross-site Scripting vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. | 6.1 |
| 2018-08-27 | CVE-2018-15698 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. | 6.5 |
| 2018-08-27 | CVE-2018-15697 | Information Exposure vulnerability in Asustor Data Master ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. | 6.5 |