CVE-2022-38653

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38653
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102141 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*
History

07 Nov 2023, 03:50

Type Values Removed Values Added
Summary In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
Information

Published : 2022-12-19 11:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-38653

Mitre link : CVE-2022-38653

CVE.ORG link : CVE-2022-38653

JSON object : View

Products Affected

hcltech

  • digital_experience
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')