CVE-2023-37520

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

Published: Dec 22, 2023
Updated: Dec 30, 2023
CVE: CVE-2023-37520
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	10.0.0	10.0.10
hcltech / bigfix_platform	9.5	9.5.23
hcltech / bigfix_platform	11.0.0	11.0.0.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376

Vulnerability Database

289,697

CVE-2023-37520