Lucene search

[email protected]CVE-2023-37538

HistoryOct 11, 2023 - 1:15 p.m.

CVE-2023-37538

2023-10-1113:15:09

CWE-79

[email protected]

web.nvd.nist.gov

hcl

digital experience

xss

vulnerability

cve-2023-37538

nvd

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

Affected configurations

NVD

Node

hcltechdigital_experienceMatch8.5

hcltechdigital_experienceMatch9.0

hcltechdigital_experienceMatch9.5

CPENameOperatorVersion
hcltech:digital_experiencehcltech digital experienceeq8.5
hcltech:digital_experiencehcltech digital experienceeq9.0
hcltech:digital_experiencehcltech digital experienceeq9.5

CPE	Name	Operator	Version
hcltech:digital_experience	hcltech digital experience	eq	8.5
hcltech:digital_experience	hcltech digital experience	eq	9.0
hcltech:digital_experience	hcltech digital experience	eq	9.5

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Digital Experience",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "8.5, 9.0, 9.5"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-37538

prion1 nvd1 cvelist1