Stored Cross-Site Scripting Vulnerability in HCL Verse by HCL Technologies
CVE-2020-4080
6.1 MEDIUM
Summary
HCL Verse versions 10 and 11 are vulnerable to a Stored Cross-Site Scripting (XSS) issue due to inadequate handling of message content. An unauthenticated remote attacker can exploit this vulnerability by crafting malicious markup that runs arbitrary scripts in a victim's web browser. The scripts execute within the security scope of the hosting website, potentially allowing the attacker to compromise cookie-based authentication credentials and gain unauthorized access to user accounts.
Affected Version(s)
HCL Verse v10, v11
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved