203 matches found
CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...
MicroWorld Technologies eScan Management Console 跨站脚本漏洞
The MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows a remo...
MicroWorld Technologies eScan Management Console 跨站脚本漏洞
MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows remote...
CVE-2023-34836
The CVE-2023-34836 entry concerns Microworld Technologies’ eScan Management Console, version 14.0.1400.2281. The vulnerability is a Cross Site Scripting (XSS) flaw that enables a remote attacker to execute arbitrary code by crafting scripts passed via the Dtltyp and ListName parameters. This is r...
CVE-2023-34835
The vulnerability CVE-2023-34835 affects Microworld Technologies eScan Management Console 14.0.1400.2281. A Cross Site Scripting flaw exists in the delete_file parameter, enabling a remote attacker to inject and execute arbitrary JavaScript. The issue is documented in PT-2023-25021 with the affec...
MicroWorld Technologies eScan Management Console 跨站脚本漏洞
MicroWorld Technologies eScan Management Console is an eScan management console from MicroWorld Technologies, Inc. A cross-site scripting vulnerability exists in Microworld Technologies eScan Management console version v.14.0.1400.2281, which originates from a vulnerability that allows remote...
CVE-2023-34837
Microworld Technologies eScan Management Console ver. 14.0.1400.2281 is affected by a Cross-Site Scripting vulnerability where the GrpPath parameter is vulnerable. Root cause: insufficient input validation in GrpPath enables remote code execution in affected web UI. Impact, per CVSS 3.1 vector, i...
PT-2023-25021 · Microworld Technologies · Escan Management Console
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan Management console version 14.0.1400.2281 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete file parameter. This enables the attacker ...
CVE-2023-33731
Reflected Cross Site Scripting XSS in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly...
CVE-2023-33731
Reflected Cross Site Scripting XSS in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly...
PT-2023-24460 · Microworld Technologies · Escan
Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan management console version 14.0.1400.2281 Description: The issue concerns a Reflected Cross Site Scripting XSS in the view dashboard detail feature, allowing a remote attacker to inject arbitrary code via the URL...
CVE-2023-33731
Reflected Cross Site Scripting XSS in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly...
CVE-2023-33731
Microworld Technologies eScan management console (version 14.0.1400.2281) is affected by a Reflected Cross Site Scripting (XSS) vulnerability in the view dashboard detail feature. The flaw allows an attacker to inject arbitrary script via a URL parameter (DashBoardDetails), with evidence of explo...
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...
CVE-2023-33732
Cross Site Scripting XSS in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval...
CVE-2023-33732
Cross Site Scripting XSS in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval...
CVE-2023-33732
Cross Site Scripting XSS in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval...
CVE-2023-33730
The CVE-2023-33730 vulnerability affects Microworld Technologies eScan Management Console version 14.0.1400.2281, in the GetUserCurrentPwd function, allowing remote attackers to retrieve plaintext passwords for admins or users. The underlying issue enables privilege escalation and full account co...
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...