Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe
Filtered by product Download Master
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-31161 1 Asus 1 Download Master 2024-11-21 N/A 7.2 HIGH
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
CVE-2024-31160 1 Asus 1 Download Master 2024-11-21 N/A 4.8 MEDIUM
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
CVE-2024-31159 1 Asus 1 Download Master 2024-11-21 N/A 4.8 MEDIUM
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.