Description: Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.
Vulnerable Product Version: 14.0.1400.2281
Date: 23/06/2023
CVE: CVE-2023-34835
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
- Log in to the eScan Management Console with valid user credentials. In this test, the eScan Management Console was on an internal network.
- Navigate to the "Report Template" feature, select any report, and click the delete button.
- Capture the POST request in Burp Suite and inject the XSS payload into the "delete_file" parameter.
- After forwarding the request, an XSS alert pops up showing the user's session cookie, which could be chained and escalated to perform account takeover.
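
Mitigation sketch for the behaviour described above, as an added example that is not eScan's code or part of the original advisory: a request parameter such as "delete_file" is allow-list validated, HTML-encoded wherever it is reflected, and the session cookie is marked HttpOnly so page script cannot read it. The function names, the file-name pattern, the response wording and the cookie name SESSIONID are assumptions made for illustration.

```python
import html
import re

# Assumption: report template names are plain file names such as
# "weekly_summary.xml". No path separators or markup characters are allowed.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.&-]{0,127}\Z")


def validate_delete_file(value):
    """Return the value if it is a plain file name, otherwise None."""
    if not isinstance(value, str):
        return None
    if ".." in value or not _SAFE_NAME.match(value):
        return None
    return value


def render_delete_result(raw_value):
    """Build the HTML fragment shown after a delete request.

    Returns (status_code, body). Rejected input is never echoed back;
    accepted input is HTML-encoded before it is placed in the page.
    """
    name = validate_delete_file(raw_value)
    if name is None:
        return 400, "<p>Invalid report template name.</p>"
    # Encoding still matters for accepted names: "&" is allowed above and
    # must not reach the page as a raw character.
    safe = html.escape(name, quote=True)
    return 200, "<p>Deleted report template: {}</p>".format(safe)


def session_cookie_header(session_id):
    """Set-Cookie value that keeps the session id out of reach of page script.

    SESSIONID is a placeholder cookie name, not the product's real one.
    """
    return "SESSIONID={}; Path=/; HttpOnly; Secure; SameSite=Strict".format(session_id)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["weekly_summary.xml", "Q1 & Q2.xml", '<b>report</b>"', "../a.xml"]:
        print(repr(sample), "->", render_delete_result(sample))
    print(session_cookie_header("example-session-id"))
```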