CVE-2023-37528

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 6.5
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory

12 Feb 2024, 16:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 - Vendor Advisory
CWE CWE-79
First Time Hcltech
Hcltech bigfix Platform

03 Feb 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-03 06:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37528

Mitre link : CVE-2023-37528

CVE.ORG link : CVE-2023-37528


JSON object : View

Products Affected

hcltech

  • bigfix_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')