HCL Digital Experience is susceptible to cross site scripting (XSS)
CVE-2023-37538

9.3CRITICAL

Key Information:

Vendor: Hcl Software
Status: Digital Experience
Vendor: CVE Published:; 11 October 2023

Summary

HCL Digital Experience is vulnerable to a reflected cross site scripting (XSS) attack. This vulnerability allows an attacker to craft a malicious URL, which, when clicked by a victim, can lead to the execution of unintended scripts in the context of the user's session. The attacker may use various delivery mechanisms, such as email or third-party websites, to lure victims into opening the harmful link. This could result in unauthorized access to sensitive information or further exploitation of the web application.

Affected Version(s)

Digital Experience 8.5, 9.0, 9.5

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2023
Vulnerability Reserved
Jul 6, 2023