CVE-2023-3937

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
SnowCNA
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
snowsoftwaresnow_license_manager
9.0.0 ≤
𝑥
≤ 9.30.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC
https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC