CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27545 – HCL BigFix Web Reports authorized users may perform HTML injection.
https://notcve.org/view.php?id=CVE-2022-27545
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. Los usuarios autorizados de BigFix Web Reports pueden llevar a cabo una inyección de HTML para la página de configuración administrativa del correo electrónico. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098998 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27544 – HCL BigFix Web Reports authorized users may see sensitive information in clear text
https://notcve.org/view.php?id=CVE-2022-27544
BigFix Web Reports authorized users may see SMTP credentials in clear text. Los usuarios autorizados de BigFix Web Reports pueden visualizar las credenciales SMTP en texto sin cifrar. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098998 • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27786 – HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted
https://notcve.org/view.php?id=CVE-2021-27786
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. Una compartición de recursos entre orígenes (CORS) permite a navegadores llevar a cabo peticiones entre dominios de forma controlada. Esta petición presenta un encabezado Origin que identifica el dominio que realiza la petición inicial y define el protocolo entre un navegador y un servidor para ver si la petición está permitida. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098603 • CWE-697: Incorrect Comparison CWE-942: Permissive Cross-domain Policy with Untrusted Domains •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27778 – HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information.
https://notcve.org/view.php?id=CVE-2021-27778
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. HCL Traveler es vulnerable a un cross-site scripting (XSS) causado por una validación inadecuada del parámetro Name para Approved Applications en las páginas web de administración de Traveler. Un atacante podría explotar esta vulnerabilidad para ejecutar un script malicioso para acceder a cualquier cookie, tokens de sesión u otra información sensible retenida por el navegador y utilizada con ese sitio • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27781 – HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting
https://notcve.org/view.php?id=CVE-2021-27781
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. El operador de Master puede ser capaz de insertar la etiqueta de script en HTML con la cookie de visualización de alertas • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •