CVE-2023-31703

CRITICAL

Microworld Technologies eScan <14.0.1400.2281 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-31703. PoCs published by Sahil Ojha, sahiloj.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in eScan Management Console 14.0.1400.2281. The payload is injected via the 'from' parameter in the URL, leading to arbitrary JavaScript execution in the context of the victim's session.

Description

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.

Exploits (2)

exploitdb WORKING POC

by Sahil Ojha · textwebappswindows

https://www.exploit-db.com/exploits/51467

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in eScan Management Console 14.0.1400.2281. The payload is injected via the 'from' parameter in the URL, leading to arbitrary JavaScript execution in the context of the victim's session.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: eScan Management Console 14.0.1400.2281

Auth required

Prerequisites: Valid user credentials for the eScan Management Console · Access to the target URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 3 stars

by sahiloj · poc

https://github.com/sahiloj/CVE-2023-31703

View Code ZIP pw:eip

This repository documents a reflected XSS vulnerability in eScan Management Console 14.0.1400.2281, where the 'from' parameter in the edit user form is vulnerable to script injection. The PoC demonstrates cookie theft via a crafted URL.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: eScan Management Console 14.0.1400.2281

Auth required

Prerequisites: valid user credentials · access to the edit user form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.html

Exploit, Third Party Advisory

https://github.com/sahiloj/CVE-2023-31703/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.0

EPSS 0.0447

EPSS Percentile 90.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

escanav/escan_management_console 14.0.1400.2281

Published May 17, 2023

Tracked Since Feb 18, 2026