exploitDog

CVE-2025-52622

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.

Ссылки

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127171

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-1188

Связанные уязвимости

GHSA-w678-3c66-v2gr

CVSS3: 5.4

github

2 месяца назад

The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.

EPSS

Процентиль: 9%

0.00032

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-1188