
Nickolas Britt

Researcher at Packetlabs
#34071 of 53,633
7.7 total CVSS
Vulnerabilities · 1
PT-2023-26008
7.7
2023-12-21
IBM · BigFix Relay · CVE-2023-37520
**Name of the Vulnerable Software and Affected Versions**
BigFix Server version 9.5.12.68

**Description**
An Unauthenticated Stored Cross-Site Scripting (XSS) issue has been identified, allowing for potential data exfiltration. This issue is located in the Gather Status Report, which is served by the BigFix Relay.

**Recommendations**
For BigFix Server version 9.5.12.68, consider disabling the Gather Status Report feature until a patch is available to prevent potential exploitation. Restrict access to the BigFix Relay to minimize the risk of data exfiltration. At the moment, there is no information about a newer version that contains a fix for this issue.