CVE-2023-31703

CRITICAL

Microworld Technologies eScan <14.0.1400.2281 - XSS

Title source: llm

Description

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

Exploits (2)

exploitdb WORKING POC

by Sahil Ojha · textwebappswindows

https://www.exploit-db.com/exploits/51467

View Code ZIP pw:eip

nomisec WRITEUP 3 stars

by sahiloj · poc

https://github.com/sahiloj/CVE-2023-31703

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://github.com/sahiloj/CVE-2023-31703/blob/main/README.md

Scores

CVSS v3 9.0

EPSS 0.0164

EPSS Percentile 82.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-79

Status published

Products (1)

escanav/escan_management_console 14.0.1400.2281

Published May 17, 2023

Tracked Since Feb 18, 2026