o Estsoft Co,Ltd released security update to address cross-site scripting vulnerability in ALSong.
o ALSong contains a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. (CVE-2020-7809)
o A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file.
□ Affected Products
3.46 and prior
o Update software over 3.47 version
□ Reference site
o Thanks to Daejin Oh for reporting this vulnerability