CVE-2023-28013

Опубликовано: 26 июл. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 6.1

EPSS Низкий

Описание

HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:verse:*:*:*:*:*:*:*:*

Версия до 3.1 (исключая)

EPSS

Процентиль: 28%

0.001

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-r463-3qpr-qg87

CVSS3: 6.6

github

больше 2 лет назад

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.

EPSS

Процентиль: 28%

0.001

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79