CVE-2021-27781 – HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting
https://notcve.org/view.php?id=CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. El operador de Master puede ser capaz de insertar la etiqueta de script en HTML con la cookie de visualización de alertas • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-27780 – HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction
https://notcve.org/view.php?id=CVE-2021-27780
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. El software puede ser vulnerable tanto a la interacción XML no autenticada como a la inscripción de dispositivos no autenticados • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-112: Missing XML Validation •