XSS Vulnerability in HCL Aftermarket EPC Software
CVE-2024-23569

4.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23569?

HCL Aftermarket EPC is exposed to security threats due to the absence of the 'X-XSS-Protection' header in its server configuration. This vulnerability can allow an attacker to execute malicious scripts in the context of the user's session, potentially leading to data theft and manipulation. Implementing proper security headers is crucial to mitigate such risks and safeguard user data.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.