CVE-2023-34835

Name of the Vulnerable Software and Affected Versions Microworld Technologies eScan Management console version 14.0.1400.2281

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete file parameter. This enables the attacker to perform unauthorized actions on the affected system.

Recommendations For Microworld Technologies eScan Management console version 14.0.1400.2281, avoid using the delete file parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the delete file functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.