4 matches found
CVE-2021-27774
CVE-2021-27774 involves HCL Digital Experience and an injection-type vulnerability where user input is echoed in an error response. This behavior could enable phishing attacks by exposing or misusing input data via error messages. The connected documents corroborate that the issue centers on inpu...
CVE-2022-38662
In HCL Digital Experience, the CVE-2022-38662 issue is an open redirect vulnerability caused by URL construction that can redirect users to untrusted sites. Affected product: HCL Digital Experience (web/DX URL handling). Impact: potential user redirection to attacker-controlled or untrusted desti...
CVE-2020-4101
CVE-2020-4101 concerns HCL Digital Experience and is described in multiple connected records as a Server Side Request Forgery (SSRF) vulnerability. The documents corroborate the issue but do not provide concrete details on affected versions, root cause specifics, or available remediations within ...
CVE-2020-14222
The CVE-2020-14222 entry affects HCL Digital Experience versions 8.5, 9.0, and 9.5. A subcomponent is susceptible to reflected Cross-Site Scripting (XSS); exploitation requires the victim to click a crafted URL delivered via email or another site. The vulnerability’s impact is reflected XSS with ...