Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-28025 Cross-site Scripting vulnerability in Hcltech Bigfix Modern Client Management 2.0/2.1
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie.
network
low complexity
hcltech CWE-79
4.8
2023-12-15 CVE-2023-28022 Unspecified vulnerability in Hcltech Connections
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
network
low complexity
hcltech
6.5
2023-12-07 CVE-2023-28017 Cross-site Scripting vulnerability in Hcltech Connections
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code.
network
low complexity
hcltech CWE-79
5.4
2023-11-09 CVE-2023-37533 Cross-site Scripting vulnerability in Hcltech Connections 8.0
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code.
network
low complexity
hcltech CWE-79
6.1
2023-10-23 CVE-2023-37532 Path Traversal vulnerability in Hcltech Commerce
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.
network
low complexity
hcltech CWE-22
4.3
2023-10-19 CVE-2023-37503 Weak Password Requirements vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to insecure password requirements.
network
low complexity
hcltech CWE-521
critical
9.8
2023-10-19 CVE-2023-37504 Insufficient Session Expiration vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to failure to invalidate sessions.
network
low complexity
hcltech CWE-613
6.5
2023-10-18 CVE-2023-37502 Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech HCL Compass
HCL Compass is vulnerable to lack of file upload security.
network
low complexity
hcltech CWE-434
8.8
2023-10-17 CVE-2023-37537 Unquoted Search Path or Element vulnerability in Hcltech Appscan Presence
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges.
local
low complexity
hcltech CWE-428
7.8
2023-10-11 CVE-2023-37538 Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5
HCL Digital Experience is susceptible to cross site scripting (XSS).
network
low complexity
hcltech CWE-79
6.1