A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NEscanav Escan Management Console
APPEscanav14.0.1400.2281
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt
Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)
CVE-2023-33730CRITICAL9.8ten sam produkt
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 1...
CVE-2023-31703CRITICAL9.0ten sam produkt
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...
CVE-2023-31702HIGH7.2ten sam produkt
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote att...
CVE-2023-34836MEDIUM5.4ten sam produkt
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...