CVE-2023-45706 — Cross-site Scripting in Bigfix Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.0MEDIUMNVD

CNA2.0

EPSS

0.5%

top 34.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hcltech Bigfix Platform HCL Software Bigfix Platform

Timeline

PublishedMar 28

Description

An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.0 | Impact: 2.7

Affected Packages2 packages

▶NVDhcltech/bigfix_platform9.5 — 9.5.24+2

▶CVEListV5hcl_software/bigfix_platform9.5 - 9.5.23, 10.0 - 10.0.10, 11.0.0 - 11.0.1

🔴Vulnerability Details

GHSA

GHSA-38mw-3mfv-34fc: An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration↗2024-03-28

▶

CVEList

HCL BigFix Platform is susceptible to Cross Site Scripting (XSS) and/or Man in the Middle (MITM) attack↗2024-03-28

▶