{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37529", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2023-07-06T16:12:30.394Z", "datePublished": "2024-02-02T19:45:10.048Z", "dateUpdated": "2025-06-03T18:59:06.988Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BigFix Platform", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "9.5 - 9.5.23, 10 - 10.0.10"}]}], "datePublic": "2024-02-02T14:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A c</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">ross-site scripting (XSS) vulnerability in the <span style=\"background-color: rgb(255, 255, 255);\">Web Reports component of <span style=\"background-color: rgb(255, 255, 255);\">HCL BigFix Platform</span></span> <span style=\"background-color: rgb(255, 255, 255);\">can possibly allow an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">to execute </span>malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.</span></span><br>"}], "value": "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-02-02T19:45:10.048Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209"}], "source": {"discovery": "UNKNOWN"}, "title": "A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-29T18:40:45.935779Z", "id": "CVE-2023-37529", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T18:59:06.988Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.546Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.546Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-29T18:40:45.935779Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.113Z"}}], "cna": {"title": "A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "BigFix Platform", "versions": [{"status": "affected", "version": "9.5 - 9.5.23, 10 - 10.0.10"}], "defaultStatus": "unaffected"}], "datePublic": "2024-02-02T14:10:00.000Z", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A c</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">ross-site scripting (XSS) vulnerability in the <span style=\"background-color: rgb(255, 255, 255);\">Web Reports component of <span style=\"background-color: rgb(255, 255, 255);\">HCL BigFix Platform</span></span> <span style=\"background-color: rgb(255, 255, 255);\">can possibly allow an attacker </span><span style=\"background-color: rgb(255, 255, 255);\">to execute </span>malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2024-02-02T19:45:10.048Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37529", "state": "PUBLISHED", "dateUpdated": "2025-06-03T18:59:06.988Z", "dateReserved": "2023-07-06T16:12:30.394Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2024-02-02T19:45:10.048Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8477E2A-0466-4415-9420-9D1183AF9FA3", "versionEndExcluding": "9.5.24", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "35E5DFF7-4361-4A0C-A028-38FBF2A779F7", "versionEndExcluding": "10.0.11", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C54B20CA-80AF-4E7E-A511-C208E81FB37E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.\n"}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente Web Reports de HCL BigFix Platform posiblemente pueda permitir que un atacante ejecute c\u00f3digo javascript malicioso en una p\u00e1gina web intentando recuperar informaci\u00f3n almacenada en cookies. Esta no es la misma vulnerabilidad identificada en CVE-2023-37530."}], "id": "CVE-2023-37529", "lastModified": "2025-06-03T19:15:33.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-29T01:40:04.583", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}