Lucene search

HCLCVELIST:CVE-2023-45707

HistoryJun 08, 2024 - 3:10 p.m.

CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)

2024-06-0815:10:32

HCL

www.cve.org

hcl connections

cross-site scripting

arbitrary code execution

credentials disclosure

additional attacks

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Connections Docs",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "<= 2.0.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427