5 matches found
CVE-2021-27768
The CVE-2021-27768 entry applies to HCL Verse for Android, where hostname verification and SSL certificate validation during server setup and login are broken. This enables a MITM attack via a proxy in transparent mode and an invalid hostname certificate, potentially exposing sensitive account in...
CVE-2023-28013
CVE-2023-28013 affects HCL Verse (web application). The provided documents describe a Reflected Cross Site Scripting (XSS) vulnerability where a remote, unauthenticated attacker could lure a user into submitting crafted markup, enabling execution of script in the victim’s browser and potential ex...
CVE-2021-27788
HCL Verse is affected by a Cross-Site Scripting (XSS) vulnerability exploitable by tricking a user into clicking a crafted URL. The vulnerability could allow an attacker, without authentication, to run scripts in the victim’s browser and potentially steal cookies, session tokens, or other sensiti...
CVE-2020-4099
CVE-2020-4099 affects HCL Verse for Android, where the APK was signed with a key length of 1024 bits or less. The underlying issue is weak signing keys, which could allow an attacker to forge the app’s digital signature after malicious modification. Documented impact is that forged signatures cou...
CVE-2023-37496
HCL Verse is affected by a stored XSS vulnerability. The issue could allow an attacker to execute script in a victim’s browser and access cookies, session tokens, or other sensitive data. The connected documents identify it as a stored XSS but do not provide affected versions, root-cause details,...