Vulnerabilities > Hcltech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2023-37496 | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. | 5.4 |
| 2023-07-27 | CVE-2023-28014 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a cross-site scripting attack. | 5.4 |
| 2023-07-26 | CVE-2023-28013 | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-07-18 | CVE-2023-28023 | Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Webui 14/20/44 A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | 6.5 |
| 2023-07-18 | CVE-2023-28020 | Open Redirect vulnerability in Hcltech Bigfix Webui URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | 6.1 |
| 2023-06-23 | CVE-2023-23344 | Incorrect Default Permissions vulnerability in Hcltech Bigfix Webui Insights 14 A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | 6.5 |
| 2023-06-22 | CVE-2023-28016 | Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain. | 6.1 |
| 2023-06-22 | CVE-2023-23343 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Bigfix OSD Bare Metal Server 311.12 A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | 6.1 |
| 2023-03-10 | CVE-2021-27788 | Cross-site Scripting vulnerability in Hcltech Verse HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-02-12 | CVE-2022-38657 | Open Redirect vulnerability in Hcltech HCL Leap An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | 5.4 |