Vulnerabilities > Escanav
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-16 | CVE-2023-4383 | Incorrect Permission Assignment for Critical Resource vulnerability in Escanav Escan Anti-Virus 7.0.32 A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. | 7.8 |
| 2023-06-27 | CVE-2023-34835 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | 5.4 |
| 2023-06-27 | CVE-2023-34836 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | 5.4 |
| 2023-06-27 | CVE-2023-34837 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | 5.4 |
| 2023-06-27 | CVE-2023-34838 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | 5.4 |
| 2023-06-02 | CVE-2023-33731 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 6.1 |
| 2023-05-31 | CVE-2023-33730 | Cleartext Transmission of Sensitive Information vulnerability in Escanav Escan Management Console 14.0.1400.2281 Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | 9.8 |
| 2023-05-31 | CVE-2023-33732 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | 6.1 |
| 2023-05-24 | CVE-2023-2875 | NULL Pointer Dereference vulnerability in Escanav Escan Anti-Virus 22.0.1400.2443 A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. | 5.5 |
| 2023-05-17 | CVE-2023-31702 | SQL Injection vulnerability in Escanav Escan Management Console 14.0.1400.2281 SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. | 7.2 |