HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
6.1CVSS
6AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.002EPSS
5.4CVSS
5.5AI Score
0.001EPSS
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.
6.1CVSS
6.2AI Score
0.001EPSS