CVE-2023-3937

{"id": "CVE-2023-3937", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@snowsoftware.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2023-08-11T12:15:09.637", "references": [{"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security@snowsoftware.com"}, {"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@snowsoftware.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"}, {"lang": "es", "value": "La vulnerabilidad de cross site scripting en el portal web del Snow Software License Manager desde la versi\u00f3n 9.0.0 hasta la 9.30.1 inclusive en Windows permite a un usuario autenticado con privilegios elevados desencadenar un ataque de cross site scripting a trav\u00e9s del navegador web.\n"}], "lastModified": "2024-11-21T08:18:21.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:service_provider:*:*:*", "vulnerable": true, "matchCriteriaId": "37BB220A-0027-4C55-9EE3-25815A917061", "versionEndIncluding": "9.30.1", "versionStartIncluding": "9.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@snowsoftware.com"}