Lucene search
HCLCVE-2023-37501HistoryAug 03, 2023 - 11:15 p.m.
CVE-2023-37501
2023-08-0323:15:10
CWE-79
HCL
web.nvd.nist.gov
31
cve-2023-37501
persistent xss
unica campaign
session hijacking
security vulnerability
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6
Confidence
High
EPSS
0.001
Percentile
27.8%
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. Β An attacker could hijack a userβs session and perform other attacks.
Affected configurations
Node
hcltechunicaRange<12.1.1
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "HCL Unica Campaign",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "<12.1.3"
}
]
}
]Related
prion
prion
Cross site scripting
2023-08-03 23:15:00
nvd
nvd
CVE-2023-37501
2023-08-03 23:15:10
cvelist
cvelist
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6
Confidence
High
EPSS
0.001
Percentile
27.8%
Related for CVE-2023-37501