Description

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

Related CPE's

a

snowsoftware

snow_license_manager

*

*

*

*

service_provider

Vulnerable

o

microsoft

windows

-

References

https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC

Issue TrackingVendor Advisory

Weaknesses

[email protected]

Primary
CWE-79

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-11T12:15:09.637

11 months ago

Last modified

2023-08-18T14:30:09.183

11 months ago