
Security Advisory

Security Advisory Detail
CVE-2020-7809 | Estsoft ALSong DOM-Based XSS Vulnerability
2020.05.14
□ Overview
 o Estsoft Co., Ltd. released a security update to address a cross-site scripting vulnerability in ALSong.
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Cross-Site Scripting | Code execution | MEDIUM | 4.4 | CVE-2020-7809
 
□ Description
 o ALSong contains a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. (CVE-2020-7809)
 o A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album (sab) file.

□ Affected Products
Product | Version | Platform
ALSong | 3.46 and prior | Windows OS
 
□ Solution
 o Update the software to version 3.47 or later.

□ Reference site
 [1] https://www.altools.co.kr/support/Notice_Contents.aspx?idx=1808&page=3&t=
 
□ Acknowledgements
 o Thanks to Daejin Oh for reporting this vulnerability.
 


□ Written by: Incident Analysis Division, Vulnerability Analysis Team