Lucene search
K
HcltechVerse

5 matches found

CVE
CVE
added 2022/05/12 9:25 p.m.97 views

CVE-2021-27768

The CVE-2021-27768 entry applies to HCL Verse for Android, where hostname verification and SSL certificate validation during server setup and login are broken. This enables a MITM attack via a proxy in transparent mode and an invalid hostname certificate, potentially exposing sensitive account in...

6.3CVSS5.7AI score0.00307EPSS
CVE
CVE
added 2023/07/26 10:54 p.m.62 views

CVE-2023-28013

CVE-2023-28013 affects HCL Verse (web application). The provided documents describe a Reflected Cross Site Scripting (XSS) vulnerability where a remote, unauthenticated attacker could lure a user into submitting crafted markup, enabling execution of script in the victim’s browser and potential ex...

6.5CVSS6.1AI score0.0029EPSS
CVE
CVE
added 2023/03/10 4:13 a.m.52 views

CVE-2021-27788

HCL Verse is affected by a Cross-Site Scripting (XSS) vulnerability exploitable by tricking a user into clicking a crafted URL. The vulnerability could allow an attacker, without authentication, to run scripts in the victim’s browser and potentially steal cookies, session tokens, or other sensiti...

8.3CVSS6.4AI score0.00568EPSS
CVE
CVE
added 2022/11/01 5:55 p.m.51 views

CVE-2020-4099

CVE-2020-4099 affects HCL Verse for Android, where the APK was signed with a key length of 1024 bits or less. The underlying issue is weak signing keys, which could allow an attacker to forge the app’s digital signature after malicious modification. Documented impact is that forged signatures cou...

7.5CVSS6.5AI score0.00273EPSS
CVE
CVE
added 2023/08/01 12:41 a.m.48 views

CVE-2023-37496

HCL Verse is affected by a stored XSS vulnerability. The issue could allow an attacker to execute script in a victim’s browser and access cookies, session tokens, or other sensitive data. The connected documents identify it as a stored XSS but do not provide affected versions, root-cause details,...

8.3CVSS6AI score0.00339EPSS