Vulnerabilities > Hcltech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-22 | CVE-2021-27774 | Improper Input Validation vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5 User input included in error response, which could be used in a phishing attack. | 5.4 |
| 2022-09-15 | CVE-2022-27561 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0/12.0.1.1 There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | 4.8 |
| 2022-08-30 | CVE-2022-27560 | Insufficiently Protected Credentials vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0 HCL VersionVault Express exposes administrator credentials. | 6.5 |
| 2022-08-29 | CVE-2022-27546 | Cross-site Scripting vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. | 6.1 |
| 2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
| 2022-07-19 | CVE-2022-27545 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | 5.4 |
| 2022-06-01 | CVE-2021-27778 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 4.8 |
| 2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.3 |
| 2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 4.8 |
| 2022-05-25 | CVE-2021-27783 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 6.5 |