Vulnerability Details: CVE-2023-37533
HCL Connections is vulnerable to reflected cross-site scripting (XSS). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user who visits a vulnerable URL containing the malicious script code. This may allow the attacker to steal cookie-based authentication credentials, compromise the user's account, and then launch other attacks.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2023-37533
- cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37533
- 0.15%: Probability of exploitation activity in the next 30 days
- ~33%: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2023-37533
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 | HCL Software | |
CWE ids for CVE-2023-37533
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-37533
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108434
  Security Bulletin: HCL Connections Security Update for Reflected Cross-Site Scripting Vulnerability (CVE-2023-37533) (Vendor Advisory)