{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T00:07:57.939","vulnerabilities":[{"cve":{"id":"CVE-2023-37520","sourceIdentifier":"psirt@hcl.com","published":"2023-12-21T23:15:08.453","lastModified":"2024-11-21T08:11:51.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. This XSS vulnerability is in the Gather Status Report, which is served by the BigFix Relay.\n"},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) almacenado no autenticada identificada en BigFix Server versión 9.5.12.68, lo que permite una posible filtración de datos. Esta vulnerabilidad XSS se encuentra en el Gather Status Report, que proporciona BigFix Relay."}],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.5","versionEndExcluding":"9.5.23","matchCriteriaId":"AD5115AD-E409-417E-B3FC-35017E57E060"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.10","matchCriteriaId":"5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28"},{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:bigfix_platform:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C54B20CA-80AF-4E7E-A511-C208E81FB37E"}]}]}],"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376","source":"psirt@hcl.com","tags":["Vendor Advisory"]},{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109376","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}