A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform
CVE-2023-37499

8.1HIGH

Key Information:

Vendor: Hcl Software
Status: Hcl Unica Platform
Vendor: CVE Published:; 3 August 2023

Summary

A persistent cross-site scripting (XSS) vulnerability exists in the Unica Platform, which allows an attacker to inject malicious scripts into web pages that are viewed by other users. This could lead to session hijacking, data theft, and unauthorized actions performed on behalf of the users. Organizations using Unica Platform should take immediate action to mitigate this vulnerability and ensure their user data remains secure.

Affected Version(s)

HCL Unica Platform <12.1.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 3, 2023
Vulnerability Reserved
Jul 6, 2023