CVE-2023-37520

HIGH

HCL BigFix Platform 9.5.12.68 - Unauthenticated Stored Cross-Site Scripting in Gather Status Report


Description

An unauthenticated stored cross-site scripting (XSS) vulnerability was identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. The vulnerability is in the Gather Status Report, which is served by the BigFix Relay.

Scores

CVSS v3: 7.7
EPSS: 0.0016
EPSS Percentile: 36.5%
Attack Vector: LOCAL
Vector String: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE: CWE-79
Status: published
Products (2):
hcltech/bigfix_platform 11.0.0
hcltech/bigfix_platform 9.5 - 9.5.23
Published: Dec 21, 2023
Tracked Since: Feb 18, 2026