CVE-2020-4082: XSS
First published: Thu Mar 05 2020(Updated: )
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HCL Connections | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this HCL Connections issue?
The vulnerability ID for this HCL Connections issue is CVE-2020-4082.
What is the severity of CVE-2020-4082?
CVE-2020-4082 has a severity rating of medium (5.4).
How does CVE-2020-4082 affect HCL Connections?
CVE-2020-4082 affects HCL Connections version 5.5.
What is the impact of CVE-2020-4082?
CVE-2020-4082 allows a remote attacker to execute malicious scripts in a victim's web browser within the security context of the hosting web.
Is there a solution to fix CVE-2020-4082?
Yes, applying the latest security patches or updates provided by HCL Technologies is recommended to fix CVE-2020-4082.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/hcltech
- canonical/hcl connections
- version/hcl connections/5.5