Headline
CVE-2023-34836: CVE-2023-34836/README.md at main · sahiloj/CVE-2023-34836
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting
Description: Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via vulnerable parameters like Dtltyp and ListName.
Vulnerable Product Version: 14.0.1400.2281
Date: 23/06/2023
CVE: CVE-2023-34836
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
Login into the eScan Management Console with a valid user credential. Here, escan management console is on internal network.
Navigate to “User Activity >> File Activity Report” feature.
Capture the GET request in burpsuite and inject the XSS paylaod into “Dtltyp” and “ListName” parameter as shown in fugure below.
After forwarding the request, an XSS alert will pop up which could be modified to extract user session cookie as well.