Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3937", "assignerOrgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65", "state": "PUBLISHED", "assignerShortName": "Snow", "dateReserved": "2023-07-25T13:29:16.203Z", "datePublished": "2023-08-11T11:28:30.185Z", "dateUpdated": "2024-10-03T20:27:22.370Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "x86", "64 bit", "32 bit"], "product": "Snow License Manager", "vendor": "Snow Software", "versions": [{"lessThanOrEqual": "9.30.1", "status": "affected", "version": "9.0.0", "versionType": "0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Can Do\u011fu & Himanshu Giri"}], "datePublic": "2023-08-11T01:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"}], "value": "Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65", "shortName": "Snow", "dateUpdated": "2023-08-11T13:53:50.811Z"}, "references": [{"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to SLM version 9.30.2"}], "value": "Upgrade to SLM version 9.30.2"}], "source": {"discovery": "EXTERNAL"}, "title": "Cross site scripting vulnerabilities in Snow License Manager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:08:50.686Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T20:27:08.462859Z", "id": "CVE-2023-3937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T20:27:22.370Z"}}]}}