ASUSTOR ADM Stored Cross-Site Scripting Vulnerability in Access Control

Vulnerability

A stored Cross-Site Scripting vulnerability has been identified in the Access Control of ASUSTOR's ADM. This vulnerability allows attackers to inject malicious scripts into the folder name field when creating a new shared folder. The injected scripts are not properly sanitized and are executed when the folder name is displayed in the user interface. This could enable attackers to execute arbitrary JavaScript in the context of another user's session, potentially accessing session cookies or other sensitive information. The vulnerability affects ASUSTOR ADM versions 4.1.0 through 4.3.3.RH61, as well as ADM 5.0.0.RIN1 and earlier.

Impact

Exploitation of this vulnerability allows for stored Cross-Site Scripting, where injected scripts are executed in the context of the user viewing the folder name, potentially leading to the theft of session cookies or other sensitive data.

Added: Jul 14, 2025, 6:18 AM

Updated: Jul 14, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

3.5

exploitability

5.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

3.5

exploitability

5.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASUSTOR ADM Stored Cross-Site Scripting Vulnerability in Access Control

Vulnerability

Impact

Affected Products

ASUSTOR ADM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating