Skip to main content

Escan Management Console

10 CVEs product

Monthly

CVE-2024-42919 CRITICAL POC Act Now

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34838 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34837 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34836 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-34835 MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Escan Management Console
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-33731 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-33732 MEDIUM This Month

Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-33730 CRITICAL POC Act Now

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31703 CRITICAL POC Act Now

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
4.5%
CVE-2023-31702 HIGH POC This Week

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft SQLi Escan Management Console
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
4.3%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Escan Management Console
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Escan Management Console
NVD GitHub
EPSS 4% CVSS 9.0
CRITICAL POC Act Now

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub Exploit-DB
EPSS 4% CVSS 7.2
HIGH POC This Week

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft SQLi +1
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy