Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.
References
| Link | Resource |
|---|---|
| https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Dec 2023, 19:28
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:* cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| First Time |
Hcltech
Hcltech bigfix Platform |
|
| CWE | CWE-79 | |
| References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376 - Vendor Advisory |
22 Dec 2023, 12:18
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
21 Dec 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-21 23:15
Updated : 2023-12-29 19:28
NVD link : CVE-2023-37520
Mitre link : CVE-2023-37520
CVE.ORG link : CVE-2023-37520
JSON object : View
Products Affected
hcltech
- bigfix_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')