An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
CVE-2023-28025

6.6MEDIUM

Key Information:

Vendor: HCL Software
Status: HCL BigFix Mobile / Modern Client Management
Vendor: CVE Published:; 21 December 2023

Summary

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.

Affected Version(s)

HCL BigFix Mobile / Modern Client Management <= 3.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 21, 2023
Vulnerability Reserved
Mar 10, 2023