Headline

CVE-2023-34837: CVE-2023-34837/README.md at main · sahiloj/CVE-2023-34837

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.

1 year ago

CVE

Open in Source

#xss #vulnerability #windows #auth

eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting

Description: Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath .

Vulnerable Product Version: 14.0.1400.2281

Date: 23/06/2023

CVE: CVE-2023-34837

CVE Author: Sahil Ojha

Vendor Homepage: https://www.escanav.com

Software Link: https://cl.escanav.com/ewconsole.dll

Tested on: Windows

Steps to reproduce:

Login into the eScan Management Console with a valid user credential. Here, escan management console is on internal network.
Navigate to “Unmanaged Computers >> Network Computers” feature.
Capture the POST request in burpsuite and inject the XSS paylaod into “GrpPath” parameter as shown in fugure below.
After forwarding the request, an XSS alert will pop up with user session cookie.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

12 months ago

12 months ago

12 months ago

12 months ago

12 months ago