Hcltech: Security Vulnerabilities
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This XSS vulnerability is in the Download Status Report, which is served by the BigFix Server.
CVSS Score
7.7
EPSS Score
0.002
Published
2023-12-21
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed and stored in the server storage.
CVSS Score
6.6
EPSS Score
0.001
Published
2023-12-21
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS Score
3.5
EPSS Score
0.004
Published
2023-12-15
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-12-07
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-09
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-10-23
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-19
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-19
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-10-18
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-10-17