Arbitrary Code Injection via Cross Site Scripting (XSS) in Microworld Technologies eScan Management Console 14.0.1400.2281

Arbitrary Code Injection via Cross Site Scripting (XSS) in Microworld Technologies eScan Management Console 14.0.1400.2281

CVE-2023-31703 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

Learn more about our User Device Pen Test.