CVE-2023-37527

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 5.4
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory

10 Feb 2024, 01:19

Type Values Removed Values Added
First Time Hcltech
Hcltech bigfix Platform
CPE cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory

02 Feb 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-02 19:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37527

Mitre link : CVE-2023-37527

CVE.ORG link : CVE-2023-37527


JSON object : View

Products Affected

hcltech

  • bigfix_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')