CVE-2023-3937: Cross site scripting vulnerabilities in Snow License Manager
First published: Fri Aug 11 2023(Updated: )
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser
Credit: security@snowsoftware.com security@snowsoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Snowsoftware Snow License Manager | >=9.0.0<=9.30.1 | |
| Microsoft Windows |
Remedy
Upgrade to SLM version 9.30.2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3937?
CVE-2023-3937 is a cross-site scripting vulnerability in the web portal of Snow Software License Manager.
What is the severity of CVE-2023-3937?
The severity of CVE-2023-3937 is medium with a CVSSv3 score of 4.8.
How does CVE-2023-3937 affect Snow Software License Manager?
CVE-2023-3937 affects Snow Software License Manager versions 9.0.0 up to and including 9.30.1 on Windows.
How can an attacker exploit CVE-2023-3937?
An attacker with high privileges can exploit CVE-2023-3937 by triggering a cross-site scripting attack through the web browser.
Is Microsoft Windows vulnerable to CVE-2023-3937?
No, Microsoft Windows is not vulnerable to CVE-2023-3937.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- vendor/snowsoftware
- canonical/snowsoftware snow license manager
- version/snowsoftware snow license manager/9.0.0
- version/snowsoftware snow license manager/9.30.1
- vendor/microsoft
- canonical/microsoft windows