CVE-2023-3937: Cross site scripting vulnerabilities in Snow License Manager
Published Aug 11, 2023
·Updated
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Affected Software
2 affected components
Snowsoftware Snow License Manager>=9.0.0<=9.30.1
Microsoft Windows
Remediation
Information
Upgrade to SLM version 9.30.2
Event History
Aug 11, 2023
CVE Published
via MITRE·11:28 AM
Data Sourced
via MITRE·11:28 AM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is CVE-2023-3937?
CVE-2023-3937 is a cross-site scripting vulnerability in the web portal of Snow Software License Manager.
2
What is the severity of CVE-2023-3937?
The severity of CVE-2023-3937 is medium with a CVSSv3 score of 4.8.
3
How does CVE-2023-3937 affect Snow Software License Manager?
CVE-2023-3937 affects Snow Software License Manager versions 9.0.0 up to and including 9.30.1 on Windows.
4
How can an attacker exploit CVE-2023-3937?
An attacker with high privileges can exploit CVE-2023-3937 by triggering a cross-site scripting attack through the web browser.
5
Is Microsoft Windows vulnerable to CVE-2023-3937?
No, Microsoft Windows is not vulnerable to CVE-2023-3937.