HCL Verse is susceptible to a Stored Cross-Site Scripting (XSS) Vulnerability
CVE-2023-37496

8.3HIGH

Key Information:

Vendor: Hcl Software
Status: Hcl Verse
Vendor: CVE Published:; 1 August 2023

Summary

HCL Verse contains a Stored Cross Site Scripting (XSS) vulnerability that could potentially allow an attacker to inject malicious scripts into the web application. Once executed in a victim's browser, this can enable unauthorized actions or lead to the theft of sensitive data including cookies and session tokens. Proper security measures and timely updates are essential to mitigate these risks and protect user information.

Affected Version(s)

HCL Verse < 3.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
Jul 6, 2023