# Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting
# Date: 2023-05-16
# Exploit Author: Sahil Ojha
# Vendor Homepage:
# Software Link:
# Version: 14.0.1400.2281
# Tested on: Windows
# CVE : CVE-2023-31703

*Step of Reproduction/ Proof of Concept(POC)*

1. Login into the eScan Management Console with a valid user credential.
2. Navigate to URL:
3. Now, Inject the Cross Site Scripting Payload in "from" parameter as
shown below and a valid XSS pop up appeared."><script>alert(document.cookie)</script>banner&P=
4. By exploiting this vulnerability, any arbitrary attacker could have
stolen an admin user session cookie to perform account takeover.