CVE-2023-3937
CVSS V2 None
CVSS V3 None
Description
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Overview
- CVE ID
- CVE-2023-3937
- Assigner
- security@snowsoftware.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-08-11T12:15:09
- Last Modified Date
- 2023-08-18T14:30:09
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:snowsoftware:snow_license_manager:*:*:*:*:service_provider:*:*:* | 1 | OR | 9.0.0 | 9.30.1 |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC | Issue Tracking Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-3937 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3937 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-09-06 03:37:04 | Added to TrackCVE | |||
| 2023-09-06 03:37:07 | Weakness Enumeration | new |