CVE-2024-23553: A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform

3.0 CVSS

Description

A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute.

Classification

CVE ID: CVE-2024-23553

CVSS Base Severity: LOW

CVSS Base Score: 3.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected Products

Vendor: HCL Software

Product: BigFix Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.31% (probability of being exploited)

EPSS Percentile: 53.6% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23553
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209

Timeline

2025-06-03 19:40:22 UTC
CVE

A cross-site scripting (XSS) vulnerability affects HCL BigFix Platform