
CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

20 Aug 2024 — eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. • https://github.com/jeyabalaji711/CVE-2024-42919 • CWE-284: Improper Access Control

CVSS: 5.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. • https://github.com/sahiloj/CVE-2023-34835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. • https://github.com/sahiloj/CVE-2023-34836 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. • https://github.com/sahiloj/CVE-2023-34837 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

27 Jun 2023 — A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. • https://github.com/sahiloj/CVE-2023-34838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

02 Jun 2023 — Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly. • https://github.com/sahiloj/CVE-2023-33731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 2

31 May 2023 — Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve the password of any admin or normal user in plain text format. • https://github.com/sahiloj/CVE-2023-33730 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 May 2023 — Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. • https://github.com/sahiloj/CVE-2023-33732 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.3 • EPSS: 1% • CPEs: 1 • EXPL: 5

17 May 2023 — SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1. eScan Management Console version 14.0.1400.2281 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/172545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 1% • CPEs: 1 • EXPL: 5

17 May 2023 — Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the from parameter. eScan Management Console version 14.0.1400.2281 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/172540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')