CVE-2023-37519: 
HCL BigFix Server vulnerability analysis and mitigation

An Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability exists in the Download Status Report feature of the BigFix Server. The vulnerability affects BigFix Platform versions 9.5 through 9.5.23, versions 10.0.0 through 10.0.10, and version 11.0.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) by NIST NVD, while HCL Software assessed it with a Base Score of 7.7 HIGH (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute malicious scripts in a user's browser context, potentially leading to the disclosure of sensitive information or manipulation of web content when users access the Download Status Report feature (NVD).

Users should upgrade to BigFix Platform versions 9.5.23, 10.0.10, or later versions that contain patches for this vulnerability. The vendor has released security updates to address this issue (HCL Advisory).