cvelist | HCL | CVELIST:CVE-2023-28025
History: Dec 21, 2023 - 12:32 a.m.

CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management

2023-12-21 00:32:29
HCL
www.cve.org
cve-2023-28025
master operator
svg tag
alert pop-up
cookie
stored xss
preventive measure
user inputs
server storage

CVSS3: 6.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

EPSS: 0
Percentile: 14.0%

Because of this vulnerability, the Master Operator could potentially insert an SVG tag into HTML, leading to an alert pop-up that displays a cookie. To mitigate stored XSS vulnerabilities, thoroughly sanitize and validate all user inputs before they are processed and stored on the server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL BigFix Mobile / Modern Client Management",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<= 3.1"
      }
    ]
  }
]
