Lucene search

HCLCVELIST:CVE-2023-37499

HistoryAug 03, 2023 - 9:38 p.m.

CVE-2023-37499 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform

2023-08-0321:38:49

HCL

www.cve.org

cve-2023-37499

persistent cross-site scripting

hcl unica platform

user session hijack

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user’s session and perform other attacks.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Unica Platform",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<12.1.1"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106555

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

Related for CVELIST:CVE-2023-37499