CVE-2023-37531

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 29, 2024

Updated: Dec 17, 2024

CWE ID 79

Summary

CVE-2023-37531 is a newly disclosed cross-site scripting (XSS) vulnerability affecting HCL BigFix Platform's Web Reports component. Privileged users can fall victim to this issue, allowing attackers to inject malicious JavaScript code into a webpage's form field. Successful exploitation could result in unauthorized data access or manipulation, potentially leading to significant security risks. Users are advised to apply the necessary patches or updates released by HCL to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Hcltech Bigfix Platform

Affected Vendors

HCL Technologies Ltd.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5jE2F
https://www.cve.org/CVERecord?id=CVE-2023-37531
https://nvd.nist.gov/vuln/detail/CVE-2023-37531

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners