CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14221
https://notcve.org/view.php?id=CVE-2020-14221
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. HCL Digital Experience versiones 8.5, 9.0 y 9.5, expone información sobre el servidor a usuarios no autorizados • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085225 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14222
https://notcve.org/view.php?id=CVE-2020-14222
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). HCL Digital Experience versiones 8.5, 9.0, 9.5 es susceptible a un ataque de tipo cross site scripting (XSS). Un subcomponente es vulnerable a un ataque de tipo XSS reflejado. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0084769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14223
https://notcve.org/view.php?id=CVE-2020-14223
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. HCL Digital Experience versiones 8.5, 9.0, 9.5, es susceptible a una vulnerabilidad de tipo cross-site scripting (XSS). La vulnerabilidad podría ser empleada en un ataque de tipo XSS reflejado o no persistente • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082645 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4101
https://notcve.org/view.php?id=CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery." "HCL Digital Experience es susceptible a una Falsificación de Peticiones del Lado del Servidor" • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0079840 • CWE-918: Server-Side Request Forgery (SSRF) •