HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-12-18 14:15
Updated : 2020-12-22 08:19
NVD link : CVE-2020-4080
Mitre link : CVE-2020-4080
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
hcltech
- domino