vendor:
eScan Management Console
by:
Sahil Ojha
N/A
CVSS
CRITICAL
Cross Site Scripting
79
CWE
Product Name: eScan Management Console
Affected Version From: 14.0.1400.2281
Affected Version To: 14.0.1400.2281
Patch Exists: NO
Related CWE: CVE-2023-31703
CPE: cl.escanav.com/ewconsole.dll
Platforms Tested: Windows
2023
eScan Management Console 14.0.1400.2281 – Cross Site Scripting
By injecting a malicious payload into the 'from' parameter of a specific URL, an attacker can trigger a cross-site scripting vulnerability in eScan Management Console version 14.0.1400.2281. This allows the attacker to execute arbitrary code in the context of the user's browser, potentially leading to session hijacking and account takeover.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of eScan Management Console that addresses the cross-site scripting issue. Additionally, input validation and output encoding should be implemented to prevent the execution of malicious scripts.