CVE-2023-34836
https://notcve.org/view.php?id=CVE-2023-34836
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. • https://github.com/sahiloj/CVE-2023-34836 https://github.com/sahiloj/CVE-2023-34836/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34837
https://notcve.org/view.php?id=CVE-2023-34837
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. • https://github.com/sahiloj/CVE-2023-34837 https://github.com/sahiloj/CVE-2023-34837/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34835
https://notcve.org/view.php?id=CVE-2023-34835
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. • https://github.com/sahiloj/CVE-2023-34835 https://github.com/sahiloj/CVE-2023-34835/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-34838
https://notcve.org/view.php?id=CVE-2023-34838
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. • https://github.com/sahiloj/CVE-2023-34838 https://github.com/sahiloj/CVE-2023-34838/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33731
https://notcve.org/view.php?id=CVE-2023-33731
Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. • https://github.com/sahiloj/CVE-2023-33731 https://github.com/sahiloj/CVE-2023-33731/blob/main/CVE-2023-33731.md https://owasp.org/www-community/attacks/xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •