CVE-2024-42200 — Cross-site Scripting in Bigfix Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 65.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hcltech Bigfix Platform HCL Software HCL Bigfix Platform

Timeline

PublishedApr 15

Description

HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

▶NVDhcltech/bigfix_platform10.0.0 — 10.0.13+1

▶CVEListV5hcl_software/hcl_bigfix_platform10.0 - 10.0.12; 11.0.0 - 11.0.3

🔴Vulnerability Details

GHSA

GHSA-2g48-r5cc-hm38: HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input↗2025-04-15

▶

CVEList

HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack↗2025-04-15

▶