XSS Vulnerability in ASUSTOR Data Master by ASUSTOR
CVE-2018-15699

6.1MEDIUM

Key Information:

Vendor: Tenable
Status: Asustor Data Master
Vendor: CVE Published:; 27 August 2018

What is CVE-2018-15699?

ASUSTOR Data Master versions up to 3.1.5 are susceptible to an XSS vulnerability due to improper handling of HTTP requests for configuration files. This flaw allows a man-in-the-middle attacker to inject malicious JavaScript into the configuration files, potentially leading to unauthorized actions and data exposure when users interact with the affected service.

Affected Version(s)

ASUSTOR Data Master 3.1.5 and below

References

https://www.tenable.com/security/research/tra-2018-22

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Aug 22, 2018

Tenable

What is CVE-2018-15699?

Affected Version(s)

References

CVSS V3.1

Timeline