Cross-Site Scripting Vulnerability in HCL Connections by HCL Technologies
CVE-2020-4084

5.4MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Connections
Vendor: CVE Published:; 9 March 2020

Summary

HCL Connections versions 5.5, 6.0, and 6.5 are susceptible to a cross-site scripting vulnerability that enables attackers to inject arbitrary JavaScript code into the Web UI. This flaw can compromise the integrity of a user’s session, leading to potential exposure of sensitive credentials and other sensitive information within a trusted environment. Users and administrators should be aware of this vulnerability and take necessary actions to mitigate the associated risks.

Affected Version(s)

HCL Connections 5.5

HCL Connections 6.0

HCL Connections 6.5

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 9, 2020
Vulnerability Reserved
Dec 30, 2019