CVE-2022-42452

4.6MEDIUM

Key Information:

Vendor: Hcl Software
Status: Hcl Launch
Vendor: CVE Published:; 2 April 2023

Summary

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

Affected Version(s)

HCL Launch < 6.2.7.18, 7.0 -7.0.5.13, 7.1-7.1.2.9, 7.2-7.2.3.2, 7.3

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2023
Vulnerability Reserved
Oct 6, 2022