CVE-2023-34838: CVE-2023-34838/README.md at main · sahiloj/CVE-2023-34838

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

Category: CVE

Tags: #xss #vulnerability #windows #auth

eScan Management Console 14.0.1400.2281 - Stored Cross Site Scripting

Description: Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

Vulnerable Product Version: 14.0.1400.2281

Date: 23/06/2023

CVE: CVE-2023-34838

CVE Author: Sahil Ojha

Vendor Homepage: https://www.escanav.com

Software Link: https://cl.escanav.com/ewconsole.dll

Tested on: Windows

Steps to reproduce:

  1. Log in to the eScan Management Console with valid user credentials. In this setup, the eScan Management Console is on an internal network.

  2. Navigate to the URL http://192.168.1.1:10443/ewconsole/ewconsole.dll/NewRole and inject the XSS payload into the Description parameter.

  3. Select any group and save the new role details. An XSS alert will pop up; the payload can also be modified to extract the admin session cookie.
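As an added illustration (not part of this advisory and not the vendor's code), the following contrasts the bug class behind this report with its fix: a role description rendered by string concatenation versus one passed through HTML output encoding, plus the cookie and CSP headers that limit what a stored script can reach. The `Role` class, the sample description and the header values are constructed for this example.

```python
import html
from dataclasses import dataclass

# Constructed sample input (not taken from the advisory): the kind of value
# a tester submits in the Description field to confirm stored XSS.
SAMPLE_DESCRIPTION = "<script>alert(1)</script>"


@dataclass
class Role:
    name: str
    description: str  # untrusted: comes straight from the NewRole form


def render_role_unsafe(role: Role) -> str:
    """Mirrors the bug class: untrusted text concatenated into HTML as-is."""
    return f"<tr><td>{role.name}</td><td>{role.description}</td></tr>"


def render_role_safe(role: Role) -> str:
    """Fix: output-encode every untrusted field for the HTML text context."""
    name = html.escape(role.name, quote=True)
    desc = html.escape(role.description, quote=True)
    return f"<tr><td>{name}</td><td>{desc}</td></tr>"


def contains_raw_script_tag(rendered: str) -> bool:
    """Check used by the test: does the rendered HTML still contain a live
    <script> tag, i.e. was the stored value emitted without encoding?"""
    return "<script" in rendered.lower()


def hardened_headers(session_id: str) -> dict:
    """Hypothetical response headers that reduce the impact of a stored XSS:
    HttpOnly keeps the session cookie out of document.cookie, and the CSP
    blocks inline script execution even if encoding is missed somewhere."""
    return {
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Strict",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }


if __name__ == "__main__":
    role = Role("auditor", SAMPLE_DESCRIPTION)
    print("unsafe:", render_role_unsafe(role))
    print("safe:  ", render_role_safe(role))
```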