Escanav Escan Management Console vulnerabilities
10 known vulnerabilities affecting escanav/escan_management_console.
Total CVEs: 10
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 6
Vulnerabilities
CVE-2023-31702 | P3 | HIGH | CVSS 7.2 | CWE-89 | PoC | v14.0.1400.2281 | 2023-05-17
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1.
nvd
CVE-2023-31703 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | PoC | v14.0.1400.2281 | 2023-05-17
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter.
nvd
CVE-2023-33730 | P3 | CRITICAL | CVSS 9.8 | CWE-319 | v14.0.1400.2281 | 2023-05-31
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve the password of any admin or normal user in plain text format.
nvd
CVE-2024-42919 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | v14.0.1400.2281 | 2024-08-20
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
nvd
CVE-2023-34838 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v14.0.1400.2281 | 2023-06-27
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.
nvd
CVE-2023-33732 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v14.0.1400.2281 | 2023-05-31
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
nvd
CVE-2023-33731 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v14.0.1400.2281 | 2023-06-02
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly.
nvd
CVE-2023-34836 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v14.0.1400.2281 | 2023-06-27
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.
nvd
CVE-2023-34835 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v14.0.1400.2281 | 2023-06-27
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
nvd
CVE-2023-34837 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v14.0.1400.2281 | 2023-06-27
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath.
nvd