CVE-2023-45707 – HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45707
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. HCL Connections Docs es vulnerable a un ataque de Cross-Site Scripting donde un atacante puede aprovechar este problema para ejecutar código arbitrario. Esto puede provocar la divulgación de credenciales y posiblemente lanzar ataques adicionales. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-23584 – HCL BigFix Asset Discovery is affected by a security vulnerability
https://notcve.org/view.php?id=CVE-2024-23584
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. El servicio NMAP Importer puede exponer las credenciales del almacén de datos a usuarios autorizados del Registro de Windows. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112264 •