Vulnerabilities > Escanav > Escan Management Console > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-34835 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | 5.4 |
| 2023-06-27 | CVE-2023-34836 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | 5.4 |
| 2023-06-27 | CVE-2023-34837 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | 5.4 |
| 2023-06-27 | CVE-2023-34838 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | 5.4 |
| 2023-06-02 | CVE-2023-33731 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 6.1 |
| 2023-05-31 | CVE-2023-33732 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | 6.1 |