CVE-2023-31703

Name of the Vulnerable Software and Affected Versions eScan management console version 14.0.1400.2281

Description The issue is related to Cross Site Scripting (XSS) in the edit user form, allowing a remote attacker to inject arbitrary code via the from parameter. This enables the attacker to execute malicious scripts on the victim's browser.

Recommendations For version 14.0.1400.2281, consider disabling the edit user form functionality until a patch is available to prevent exploitation. Restrict access to the vulnerable form to minimize the risk of arbitrary code injection. Avoid using the from parameter in the affected form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.