Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HEscanav Escan Management Console
APPEscanav14.0.1400.2281
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
Powiązane podatności
CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt
Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)
CVE-2023-33730CRITICAL9.8ten sam produkt
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 1...
CVE-2023-31702HIGH7.2ten sam produkt
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...
CVE-2023-34835MEDIUM5.4ten sam produkt
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...
CVE-2023-34836MEDIUM5.4ten sam produkt
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...