HCL BigFix Service Management Content Security Policy Misconfiguration Vulnerability Allowing Cross-Site Scripting
Vulnerability
A security misconfiguration vulnerability has been identified in HCL BigFix Service Management (SM) version 23. It arises from an improper Content Security Policy (CSP) header, which could allow attackers to inject malicious scripts, increasing the risk of cross-site scripting (XSS) attacks and the potential exposure of sensitive information.
Impact
Exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing for the injection of malicious scripts that could be executed in the context of the user's browser.
Remediation
Users can upgrade to HCL BigFix Service Management (SM) version 27 to address this vulnerability.
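One way to check the CSP header a deployment returns, before and after the upgrade, is sketched below as an added example (not HCL's code). The advisory does not say which directive is misconfigured, so the checks cover general CSP weaknesses that permit script injection, and the sample policies are constructed.

```python
# Added example: audit a Content-Security-Policy header value for script-injection gaps.
# WEAK and STRICT are constructed samples, not headers taken from HCL BigFix SM.
RISKY_SCRIPT_SOURCES = {
    "'unsafe-inline'": "inline <script> blocks and event handlers are allowed",
    "'unsafe-eval'": "eval() and similar string-to-code calls are allowed",
    "*": "scripts may load from any origin",
    "data:": "scripts may load from data: URIs",
    "http:": "scripts may load from any HTTP origin",
    "https:": "scripts may load from any HTTPS origin",
}

def parse_csp(header_value):
    """Return {directive: [source, ...]}; a repeated directive is ignored (first wins)."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(header_value):
    """Return a list of findings; an empty list means none of these checks fired."""
    if not header_value or not header_value.strip():
        return ["no CSP header: the browser applies no script restrictions"]
    policy = parse_csp(header_value)
    findings = []
    # script-src falls back to default-src when it is absent.
    script_sources = policy.get("script-src", policy.get("default-src"))
    if script_sources is None:
        findings.append("neither script-src nor default-src is set: scripts are unrestricted")
    else:
        lowered = [s.lower() for s in script_sources]
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered)
        for source, why in RISKY_SCRIPT_SOURCES.items():
            if source in lowered and not (source == "'unsafe-inline'" and strict):
                findings.append(f"script source {source}: {why}")
    object_sources = policy.get("object-src", policy.get("default-src"))
    if object_sources is None or "'none'" not in [s.lower() for s in object_sources]:
        findings.append("object-src is not 'none': plugin content is not blocked")
    if "base-uri" not in policy:  # base-uri has no default-src fallback
        findings.append("base-uri is not set: an injected <base> tag can redirect relative script URLs")
    return findings

WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
```

Pass `audit_csp` the header value captured from the application's HTTP response; an empty result only means these specific checks passed, not that the policy is complete.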
