CVE-2023-28017

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:connections:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:53

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264 - Patch, Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264 - Patch, Vendor Advisory

12 Dec 2023, 15:51

Type Values Removed Values Added
CWE CWE-79
First Time Hcltech connections
Hcltech
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264 - Patch, Vendor Advisory
CPE cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:6.0:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*

07 Dec 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-07 05:15

Updated : 2024-11-21 07:53


NVD link : CVE-2023-28017

Mitre link : CVE-2023-28017

CVE.ORG link : CVE-2023-28017


JSON object : View

Products Affected

hcltech

  • connections
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')