Vulnerability Database

313,552

Total vulnerabilities in the database

CVE-2023-37527

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.

Published: Feb 2, 2024
Updated: Nov 16, 2025
CVE: CVE-2023-37527
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hcltech / bigfix_platform	11.0.0	11.0.0.x
hcltech / bigfix_platform	10.0.0	10.0.11
hcltech / bigfix_platform	9.5	9.5.24

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo