Description: Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via vulnerable parameters like Dtltyp and ListName.
Vulnerable Product Version: 14.0.1400.2281
Date: 23/06/2023
CVE: CVE-2023-34836
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
- Log in to the eScan Management Console with valid user credentials. Here, the eScan Management Console is on an internal network.
- Navigate to the "User Activity >> File Activity Report" feature.
- Capture the GET request in Burp Suite and inject the XSS payload into the "Dtltyp" and "ListName" parameters, as shown in the figure below.
- After forwarding the request, an XSS alert will pop up, which could be modified to extract the user session cookie as well.
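
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans access-log lines for `Dtltyp` and `ListName` values that still contain markup after repeated URL-decoding. The log format, request path and sample values are constructed assumptions; only the two parameter names come from the advisory.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names are from the advisory; compared case-insensitively.
WATCHED_PARAMS = {"dtltyp", "listname"}
# Markup characters and URI schemes a report-type or list-name value should not carry.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """URL-decode up to `rounds` times so double-encoded values are unmasked."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def suspicious_params(url):
    """Return {param: decoded value} for watched parameters that carry markup."""
    hits = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if SUSPICIOUS.search(decoded):
                hits[name] = decoded
    return hits


def scan_log(lines):
    """Return [(line number, hits)] for access-log lines with a flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, hits))
    return findings


# Constructed sample lines: the path, addresses and values are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Jun/2023:10:00:01 +0000] "GET /example/report?Dtltyp=3&ListName=Default HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Jun/2023:10:02:17 +0000] "GET /example/report?Dtltyp=3&ListName=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 498',
    '10.0.0.9 - - [23/Jun/2023:10:02:40 +0000] "GET /example/report?dtltyp=%3Cscript%3Ealert(1)%3C%2Fscript%3E&ListName=Default HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(number, hits)
```

The character set is a triage heuristic: a legitimate list name containing an apostrophe would also be flagged, so hits need review rather than automatic blocking.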