Cross-Site Scripting Vulnerability in HCL Digital Experience by HCL Technologies
CVE-2020-14223
6.1MEDIUM
Summary
HCL Digital Experience versions 8.5, 9.0, and 9.5 are vulnerable to a cross-site scripting (XSS) flaw that can lead to reflected or non-persistent attacks. This security issue allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information or executing unauthorized actions on behalf of the user. Organizations using these affected versions must implement appropriate mitigation strategies to protect against this vulnerability.
Affected Version(s)
HCL Digital Experience 8.5, 9.0, 9.5.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved