CVE-2025-52620

Опубликовано: 15 авг. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 5.4

EPSS Низкий

Описание

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.

Ссылки

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123330
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_saas:*:*:*:*:*:*:*:*

Версия до 8.1.14 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-20

CWE-79

Связанные уязвимости

GHSA-57xj-cch5-fh92

CVSS3: 4.3

github

6 месяцев назад

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.

EPSS

Процентиль: 12%

0.0004

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-20

CWE-79