A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
Published 2023-07-31 06:15:10
Updated 2023-08-04 17:27:02
Source TWCERT/CC
View at NVD,   CVE.org
Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-34360

Exploit prediction scoring system (EPSS) score for CVE-2023-34360

0.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-34360

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.4
MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2.3
2.7
NIST
8.2
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2.3
5.3
TWCERT/CC

CWE ids for CVE-2023-34360

References for CVE-2023-34360

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!