CVE-2023-33732: CVE-2023-33733/CVE-2023-33733.md at main · sahiloj/CVE-2023-33733

eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting

Description: Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.

Vulnerable Product Version: 14.0.1400.2281

Date: 30/05/2023

CVE: CVE-2023-33733

CVE Author: Sahil Ojha

Vendor Homepage: https://www.escanav.com

Software Link: https://cl.escanav.com/ewconsole.dll

Tested on: Windows

Steps to reproduce:

1. Login into the eScan Management Console with a valid user credential.
2. Navigate to URL: https://cl.escanav.com/ewconsole/ewconsole.dll/AssignPolicyTemplate?type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&edit=0&txtPolicyType=&txtPolicyPath=!!!%24%5CPolicies&Deletefileval=Roaming%20Users_Policy2&defaultpolicy=1
3. After browsing the above mentioned URL, a XSS alert popped up with user session cookie as shown in figure below. Other vulnerable paramater’s in the above URL are Type, txtPolicyPath, Deletefileval.
4. By exploiting this vulnerability, any arbitrary attacker could have stolen an admin user session cookie to perform account takeover.