CVE-2023-45700

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:27

Type Values Removed Values Added
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 4.3

02 Jan 2024, 16:47

Type Values Removed Values Added
CPE cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 5.4
First Time Hcltechsw
Hcltechsw hcl Launch
CWE CWE-79
Summary
  • (es) HCL Launch es vulnerable a la inyección de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podría provocar la divulgación de información confidencial.
References () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108644 - Vendor Advisory

21 Dec 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 01:15

Updated : 2024-11-21 08:27


NVD link : CVE-2023-45700

Mitre link : CVE-2023-45700

CVE.ORG link : CVE-2023-45700


JSON object : View

Products Affected

hcltechsw

  • hcl_launch
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')