Lucene search

[email protected]CVE-2023-3937

HistoryAug 11, 2023 - 12:15 p.m.

CVE-2023-3937

2023-08-1112:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-3937

cross site scripting

snow software license manager

vulnerability

web portal

windows

nvd

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

Affected configurations

NVD

Node

snowsoftwaresnow_license_managerRange9.0.0–9.30.1service_provider

AND

microsoftwindowsMatch-

CPENameOperatorVersion
snowsoftware:snow_license_managersnowsoftware snow license managerle9.30.1

CPE	Name	Operator	Version
snowsoftware:snow_license_manager	snowsoftware snow license manager	le	9.30.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "x86",
      "64 bit",
      "32 bit"
    ],
    "product": "Snow License Manager",
    "vendor": "Snow Software",
    "versions": [
      {
        "lessThanOrEqual": "9.30.1",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "0"
      }
    ]
  }
]

References

community.snowsoftware.com/s/feed/0D56M00009gUexuSAC