CVE-2023-37528 — Cross-site Scripting in Bigfix Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA6.5

EPSS

0.3%

top 48.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hcltech Bigfix Platform HCL Software Bigfix Platform

Timeline

PublishedFeb 3

Description

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDhcltech/bigfix_platform9.5 — 9.5.24+2

▶CVEListV5hcl_software/bigfix_platform9.5 - 9.5.23, 10 - 10.0.9

🔴Vulnerability Details

GHSA

GHSA-g5p5-rhqv-c3qj: A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application↗2024-02-03

▶

CVEList

A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform↗2024-02-03

▶