CVE-2023-37528: 
HCL BigFix Server vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform, specifically affecting versions 9.5 through 9.5.24, 10.0.0 through 10.0.11, and 11.0.0. The vulnerability allows an attacker to exploit an application parameter during the execution of the Save Report function (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The attack vector is network-based, requiring user interaction but no privileges. The scope is changed, with low impacts on both confidentiality and integrity, and no impact on availability (NVD).

If successfully exploited, this XSS vulnerability could allow attackers to execute malicious JavaScript code in the context of the user's browser session. This could potentially lead to the theft of session cookies, unauthorized access to sensitive information, and manipulation of web content (NVD).

Users should upgrade to the latest version of HCL BigFix Platform that addresses this vulnerability. The affected versions include 9.5 through 9.5.24, 10.0.0 through 10.0.11, and 11.0.0 (NVD).