CVE-2023-28025 MEDIUM

CVE-2023-28025: An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management

Vendor: HCL Software
Product: HCL BigFix Mobile / Modern Client Management
Published: December 21, 2023
Last update: August 2, 2024

CVSS base score

6.6/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Due to this vulnerability, a Master Operator could incorporate an SVG tag into HTML, leading to an alert pop-up that displays a cookie. To mitigate stored XSS vulnerabilities, thoroughly sanitize and validate all user input before it is processed and stored on the server.

Key dates

02 Disclosure timeline

December 21, 2023: CVE published
August 2, 2024: Record updated