CVE-2023-3937

Cross site scripting vulnerabilities in Snow License Manager

Description

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

Remediation

Solution:

  • Upgrade to SLM version 9.30.2

Category

4.8
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.19%
Vendor Advisory snowsoftware.com
Affected: Snow Software Snow License Manager
Published at:
Updated at:

References

Link Tags
https://community.snowsoftware.com/s/feed/0D56M00009gUexuSAC vendor advisory issue tracking

Frequently Asked Questions

What is the severity of CVE-2023-3937?
CVE-2023-3937 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3937?
To fix CVE-2023-3937: Upgrade to SLM version 9.30.2
Is CVE-2023-3937 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-3937 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3937?
CVE-2023-3937 affects Snow Software Snow License Manager.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.