Vulnerabilities > Escanav > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-34835 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | 5.4 |
| 2023-06-27 | CVE-2023-34836 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | 5.4 |
| 2023-06-27 | CVE-2023-34837 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | 5.4 |
| 2023-06-27 | CVE-2023-34838 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | 5.4 |
| 2023-06-02 | CVE-2023-33731 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly. | 6.1 |
| 2023-05-31 | CVE-2023-33732 | Cross-site Scripting vulnerability in Escanav Escan Management Console 14.0.1400.2281 Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval. | 6.1 |
| 2023-05-24 | CVE-2023-2875 | NULL Pointer Dereference vulnerability in Escanav Escan Anti-Virus 22.0.1400.2443 A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. | 5.5 |
| 2018-07-13 | CVE-2018-10098 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Escanav Escan Internet Security Suite 14.0.1400.2029 In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). | 4.9 |
| 2018-01-25 | CVE-2018-6203 | Improper Input Validation vulnerability in Escanav Anti-Virus 14.0.1400.2029 In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | 6.1 |
| 2018-01-25 | CVE-2018-6202 | Improper Input Validation vulnerability in Escanav Anti-Virus 14.0.1400.2029 In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | 6.1 |