cvebase

Escanav Escan Management Console vulnerabilities

10 known vulnerabilities affecting escanav/escan_management_console.

Total CVEs: 10
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 6

Vulnerabilities

CVE-2023-31702 | P3 | HIGH | CVSS 7.2 | PoC | v14.0.1400.2281 | 2023-05-17
CVE-2023-31702 [HIGH] CWE-89: SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
Source: nvd
CVE-2023-31703 | P3 | CRITICAL | CVSS 9.0 | PoC | v14.0.1400.2281 | 2023-05-17
CVE-2023-31703 [CRITICAL] CWE-79: Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
Source: nvd
CVE-2023-33730 | P3 | CRITICAL | CVSS 9.8 | v14.0.1400.2281 | 2023-05-31
CVE-2023-33730 [CRITICAL] CWE-319: Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
Source: nvd
CVE-2024-42919 | P3 | CRITICAL | CVSS 9.8 | v14.0.1400.2281 | 2024-08-20
CVE-2024-42919 [CRITICAL] CWE-284: eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
Source: nvd
CVE-2023-34838 | P4 | MEDIUM | CVSS 5.4 | v14.0.1400.2281 | 2023-06-27
CVE-2023-34838 [MEDIUM] CWE-79: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
Source: nvd
CVE-2023-33732 | P4 | MEDIUM | CVSS 6.1 | v14.0.1400.2281 | 2023-05-31
CVE-2023-33732 [MEDIUM] CWE-79: Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
Source: nvd
CVE-2023-33731 | P4 | MEDIUM | CVSS 6.1 | v14.0.1400.2281 | 2023-06-02
CVE-2023-33731 [MEDIUM] CWE-79: Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
Source: nvd
CVE-2023-34836 | P4 | MEDIUM | CVSS 5.4 | v14.0.1400.2281 | 2023-06-27
CVE-2023-34836 [MEDIUM] CWE-79: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
Source: nvd
CVE-2023-34835 | P4 | MEDIUM | CVSS 5.4 | v14.0.1400.2281 | 2023-06-27
CVE-2023-34835 [MEDIUM] CWE-79: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
Source: nvd
CVE-2023-34837 | P4 | MEDIUM | CVSS 5.4 | v14.0.1400.2281 | 2023-06-27
CVE-2023-34837 [MEDIUM] CWE-79: A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
Source: nvd