Описание
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.
Уязвимые конфигурации
Конфигурация 1Версия от 9.5 (включая) до 9.5.24 (исключая)Версия от 10.0.0 (включая) до 10.0.11 (исключая)
Одно из
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.0012
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page.
EPSS
Процентиль: 31%
0.0012
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
CWE-79