Headline
CVE-2023-33732: CVE-2023-33733/CVE-2023-33733.md at main · sahiloj/CVE-2023-33733
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting
Description: Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
Vulnerable Product Version: 14.0.1400.2281
Date: 30/05/2023
CVE: CVE-2023-33733
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
- Login into the eScan Management Console with a valid user credential.
- Navigate to URL: https://cl.escanav.com/ewconsole/ewconsole.dll/AssignPolicyTemplate?type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&edit=0&txtPolicyType=&txtPolicyPath=!!!%24%5CPolicies&Deletefileval=Roaming%20Users_Policy2&defaultpolicy=1
- After browsing the above mentioned URL, a XSS alert popped up with user session cookie as shown in figure below. Other vulnerable paramater’s in the above URL are Type, txtPolicyPath, Deletefileval.
- By exploiting this vulnerability, any arbitrary attacker could have stolen an admin user session cookie to perform account takeover.
Related news
Ubuntu Security Notice 6196-1 - It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code.
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.