
CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

User input is included in the error response, which could be used in a phishing attack. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100491 • CWE-20: Improper Input Validation • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

"HCL Digital Experience is susceptible to Server Side Request Forgery." • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0079840 • CWE-918: Server-Side Request Forgery (SSRF)