Headline
CVE-2023-43763: CVE-2023-NNN
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.
Multiple Reflected cross-site scripting (XSS) vulnerabilities exists in the F-Secure Policy Manager due to an unvalidated parameter in the endpoint a remote attacker can provide a malicious input to trigger a XSS vulnerability.
This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
WithSecure would like to thank following person for bringing this issue to our attention.