HCL Digital Experience is susceptible to cross-site scripting (XSS)
CVE-2022-38653

5.4MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Digital Experience
Vendor: CVE Published:; 19 December 2022

Summary

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

Affected Version(s)

HCL Digital Experience 8.5, 9.0, 9.5

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Aug 22, 2022

.