CVE-2023-3937
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-3937 is a cross-site scripting (XSS) vulnerability identified in the Snow Software License Manager web portal from versions 9.0.0 to 9.30.1 running on Windows. This issue permits an authenticated user with elevated privileges to execute malicious scripts in the web browser of other users, potentially leading to data theft or unauthorized system access. Exploitation of this vulnerability requires user interaction and could result in severe security consequences. It is recommended that affected organizations upgrade to the latest version or implement mitigations to protect against XSS attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- FUJITSU Software Infrastructure Manager
Affected Vendors
- Fujitsu Limited