Description: Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.
Vulnerable Product Version: 14.0.1400.2281
Date: 30/05/2023
CVE: CVE-2023-33731
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
- Login into the eScan Management Console with a valid user credential.
- Navigate to URL: https://cl.escanav.com/ewconsole/ewconsole.dll/DashBoardDetails?type=PS%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&subtype=13&result=3&windowname=usrmgmt&DisplayOSSelection=true
- After browsing the above mentioned URL, a XSS alert popped up with user session cookie as shown in figure below. Other vulnerable paramater's in the above URL are subtype and result.
- By exploiting this vulnerability, any arbitrary attacker could have stolen an admin user session cookie to perform account takeover.