Vulnerability Details: CVE-2023-28017
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL, which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account, then launch other attacks.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2023-28017
- cpe:2.3:a:hcltech:connections:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28017
- Probability of exploitation activity in the next 30 days: 0.05%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23%
CVSS scores for CVE-2023-28017
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | NIST | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | HCL Software | |
CWE ids for CVE-2023-28017
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28017
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264
  Security Bulletin: HCL Connections Security Update for Cross-Site Scripting Vulnerability (CVE-2023-28017) (Patch; Vendor Advisory)