CVE-2023-28014 – HCL BigFix Mobile can be affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-28014
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. HCL BigFix Mobile es vulnerable a ataques de tipo Cross-Site Scripting. Un atacante autenticado podría inyectar scripts maliciosos en la aplicación. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-28012 – HCL BigFix Mobile can be affected by a command injection vulnerability
https://notcve.org/view.php?id=CVE-2023-28012
HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. HCL BigFix Mobile es vulnerable a ataques de inyección de comandos. Un atacante autenticado podría ejecutar comandos shell arbitrarios en el servidor WebUI. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106372 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •