A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation