9.8
CVE-2023-37523
- EPSS 0.13%
- Veröffentlicht 16.01.2024 18:15:09
- Zuletzt bearbeitet 03.06.2025 19:15:32
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL BigFix OSD Bare Metal Server WebUI is affected by missing or insecure tags
Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltechsw ≫ Bigfix Bare Osd Metal Server Webui Version <= 311.19
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.334 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@hcl.com | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.