MEDIUM🇵🇱 Wersja polska

CVE-2023-34836

CVSS 5.4v3.1pub. 2023-06-27upd. 2024-11-21

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Escanav Escan Management Console

    APP
    Escanav
    14.0.1400.2281
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEXSS
CWE
References

Related vulnerabilities

CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt

Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)

CVE-2023-33730CRITICAL9.8ten sam produkt

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 1...

CVE-2023-31703CRITICAL9.0ten sam produkt

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...

CVE-2023-31702HIGH7.2ten sam produkt

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...

CVE-2023-34835MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...