CVE-2023-33731

MEDIUM

Microworld Technologies eScan <14.0.1400.2281 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33731. PoCs published by sahiloj.

AI-analyzed exploit summary: This repository contains a writeup detailing a reflected XSS vulnerability in eScan Management Console 14.0.1400.2281. The vulnerability allows remote attackers to inject arbitrary JavaScript code via URL parameters, potentially leading to session cookie theft.

Description

Reflected Cross-Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly.

Exploits (1)

nomisec WRITEUP 1 star
by sahiloj · poc
https://github.com/sahiloj/CVE-2023-33731


Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: eScan Management Console 14.0.1400.2281
Auth required
Prerequisites: Valid user credentials for the eScan Management Console
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0081
EPSS Percentile: 52.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1)
escanav/escan_management_console 14.0.1400.2281
Published: Jun 02, 2023
Tracked Since: Feb 18, 2026