A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | Vendor Advisory |
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory |
10 Feb 2024, 01:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hcltech
Hcltech bigfix Platform |
|
CPE | cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:* |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory |
02 Feb 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-02 19:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37527
Mitre link : CVE-2023-37527
CVE.ORG link : CVE-2023-37527
JSON object : View
Products Affected
hcltech
- bigfix_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')