CVE-2023-31703
CVE-2023-31703
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (4 stars) — exploitation code widely available.
CVSS 9EPSS 4.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
17 May 2023Published on NVD
17 May 2023Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/sahiloj/CVE-2023-31703★ 4cve_referencepacketstormsecurity.com/files/172540/eScan-Management-Console-14.0.1400.2281-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51467unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.