
AS-2023-004: XSS issue on ADM, LooksGood and SoundsGood

2024-05-14

Severity

Important

Status

Resolved


Statement

A Cross-Site Scripting (XSS) vulnerability was found in the ADM, LooksGood and SoundsGood apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications and access any cookies or sensitive information retained by the browser and used with those applications.

  • The issue has been fixed on ADM 4.2.2.RI61 and ADM 4.0.6.RIS1.
  • The issue has been fixed on LooksGood 2.0.0.R136.
  • The issue has been fixed on SoundsGood 2.3.0.r1087 and above.

Affected Products

| Product | Severity | Fixed Release Availability |
|---|---|---|
| ADM 4.2 and 4.1 | Important | Upgrade to ADM 4.2.2.RI61 or above. |
| ADM 4.0 | Important | Upgrade to 4.0.6.RIS1 or above. |
| LooksGood | Important | Upgrade to LooksGood 2.0.0.R136 or above. |
| SoundsGood | Important | Upgrade to SoundsGood 2.3.0.r1087 or above. |

Detail

  • CVE-2023-2509
    • Severity: High
    • CVSS3 Base Score: 7.1
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
    • A Cross-Site Scripting (XSS) vulnerability was found in the ADM, LooksGood and SoundsGood apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications and access any cookies or sensitive information retained by the browser and used with those applications. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below, and SoundsGood 2.3.0.r1027 and below.

Acknowledgement

Zhiyong Xing, Inner Mongolia Xinyuan Network Security Technology Co., Ltd., China


Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2023-05-12 | Initial public release. |
| 2 | 2023-05-17 | CVE ID (CVE-2023-2509) is assigned for the issue. |
| 3 | 2023-06-06 | Release ADM 4.2.2.RI61 to fix the issue. |
| 4 | 2023-06-29 | Release ADM 4.0.6.RIS1 to fix the issue. |
| 5 | 2024-01-24 | Release LooksGood 2.0.0.R136 to fix the issue. |
| 6 | 2024-05-14 | Release SoundsGood 2.3.0.r1087, 2.3.1.r1066 and 2.3.1.r1074 to fix the issue. |