A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2023-07-31T05:32:14.662Z
Updated: 2024-08-02T16:10:06.939Z
Reserved: 2023-06-02T08:28:37.822Z
Link: CVE-2023-34360
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-31T06:15:09.873
Modified: 2023-08-04T17:27:01.823
Link: CVE-2023-34360
Redhat
No data.