Filtered by vendor Hcltech Subscriptions
Filtered by product Digital Experience Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37538 1 Hcltech 1 Digital Experience 2024-11-21 9.3 Critical
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
CVE-2022-38653 1 Hcltech 1 Digital Experience 2024-11-21 2 Low
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
CVE-2020-4081 1 Hcltech 1 Digital Experience 2024-11-21 6.1 Medium
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
CVE-2020-14255 1 Hcltech 1 Digital Experience 2024-11-21 7.5 High
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
CVE-2020-14223 1 Hcltech 1 Digital Experience 2024-11-21 6.1 Medium
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
CVE-2020-14221 1 Hcltech 1 Digital Experience 2024-11-21 4.9 Medium
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.