Lucene search

HCLCVELIST:CVE-2023-28013

HistoryJul 26, 2023 - 10:54 p.m.

CVE-2023-28013 HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability

2023-07-2622:54:44

HCL

www.cve.org

hcl verse

reflected cross-site scripting

vulnerability

remote attacker

unauthenticated

web browser

sensitive information

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

29.9%

JSON

HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim’s web browser to perform operations as the victim and/or steal the victim’s cookies, session tokens, or other sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Verse",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for CVELIST:CVE-2023-28013