CVE-2023-37538 – HCL Digital Experience is susceptible to cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-37538
HCL Digital Experience is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38653 – HCL Digital Experience is susceptible to cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-38653
In HCL Digital Experience, a customized XSS payload can be constructed such that it is served in the application unencoded.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38662 – HCL Digital Experience is susceptible to open redirects
https://notcve.org/view.php?id=CVE-2022-38662
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-27774 – An injection vulnerability affects HCL Digital Experience
https://notcve.org/view.php?id=CVE-2021-27774
User input is included in the error response, which could be used in a phishing attack.
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0100491
• CWE-20: Improper Input Validation
• CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2020-4081
https://notcve.org/view.php?id=CVE-2020-4081
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
• https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085225
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')