Description

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

Related CPE's

a

snowsoftware

snow_license_manager

*

*

*

*

service_provider

Vulnerable

o

microsoft

windows

-

References

https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC

Issue TrackingVendor Advisory

https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC

Issue TrackingVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-11T10:15:09.637Z

2 years ago

Last modified

2024-11-21T07:18:21.540Z

1 year ago