Design/Logic Flaw

2023-04-0221:15:00

PRIOn knowledge base

www.prio-n.com

hcl launch

html injection

xss

open redirections

nvd

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

CPENameOperatorVersion
hcl_launchge7.2.0.0
hcl_launchle7.2.3.2
hcl_launchge7.1.0.0
hcl_launchle7.1.2.9
hcl_launchge7.0.5.0
hcl_launchle7.0.5.13
hcl_launchge6.2.0.0
hcl_launchle6.2.7.18
hcl_launcheq7.3.0.0

Name	Operator	Version
hcl_launch	ge	7.2.0.0
hcl_launch	le	7.2.3.2
hcl_launch	ge	7.1.0.0
hcl_launch	le	7.1.2.9
hcl_launch	ge	7.0.5.0
hcl_launch	le	7.0.5.13
hcl_launch	ge	6.2.0.0
hcl_launch	le	6.2.7.18
hcl_launch	eq	7.3.0.0

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081