Cross-Site Scripting Vulnerability in HCL AppScan Source by HCL Technologies
CVE-2019-4388

4.8MEDIUM

Key Information:

Vendor: HCL Software
Status: Appscan Source
Vendor: CVE Published:; 18 December 2019

Summary

HCL AppScan Source versions 9.0.3.13 and earlier are vulnerable to cross-site scripting (XSS) attacks. This issue arises from the application's allowance for users to insert arbitrary JavaScript code into the web interface, potentially enabling attackers to execute malicious scripts in the context of an affected user's session. If exploited, the vulnerability could lead to unauthorized actions performed on behalf of users, data theft, and compromise of user credentials within the application.

Affected Version(s)

AppScan Source 9.0.3.13 and earlier

References

https://hclpnpsupport.hcltech.com/csm?id=kb_article&syspa...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2019
Vulnerability Reserved
Jan 3, 2019