# Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting  
# Date: 2023-05-16  
# Exploit Author: Sahil Ojha  
# Vendor Homepage:  
# Software Link:  
# Version: 14.0.1400.2281  
# Tested on: Windows  
# CVE : CVE-2023-31703  
*Steps of Reproduction / Proof of Concept (PoC)*  
1. Log in to the eScan Management Console with valid user credentials.  
2. Navigate to URL:  
3. Now, inject the cross-site scripting payload into the "from" parameter as
shown below, and a valid XSS pop-up appears:  
   "><script>alert(document.cookie)</script>banner&P=  
4. By exploiting this vulnerability, any attacker could steal an admin
user's session cookie and use it to perform account takeover.
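
The mitigation side of the steps above, as an added example that is not part of the original advisory and is not eScan's code: it renders the "from" value into a double-quoted HTML attribute with and without output encoding, and builds a session cookie that script cannot read. The hidden-input markup, the function names, the `SESSIONID` cookie name and the allow-list pattern are assumptions made for illustration.

```javascript
// Added example: markup, names and cookie name are assumptions, not eScan code.

// Constructed input: the "from" value from step 3 after URL decoding.
// Assumption: the "&P=" that follows it on the page starts the next query parameter.
const SAMPLE_FROM = '"><script>alert(document.cookie)</script>banner';

// Unsafe pattern: the parameter is concatenated into a double-quoted attribute.
function renderVulnerable(from) {
  return `<input type="hidden" name="from" value="${from}">`;
}

// Encode every character that can end an attribute value or open a tag.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: same markup, value encoded for its output context.
function renderHardened(from) {
  return `<input type="hidden" name="from" value="${escapeHtmlAttr(from)}">`;
}

// Second layer: allow-list validation (assumed: legitimate values are short identifiers).
function isValidFrom(from) {
  return typeof from === "string" && /^[A-Za-z0-9_-]{1,32}$/.test(from);
}

// HttpOnly keeps the session cookie out of document.cookie, so a script
// that does run cannot read it; Secure and SameSite limit where it is sent.
function sessionCookieHeader(sessionId) {
  return `Set-Cookie: SESSIONID=${sessionId}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// True when the rendered HTML contains a live <script> tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderVulnerable(SAMPLE_FROM));
console.log(renderHardened(SAMPLE_FROM));
```

Output encoding is the fix for the injection itself; the `HttpOnly` flag only limits the cookie-theft impact described in step 4.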