CVE-2022-38653: HCL Digital Experience is susceptible to cross-site scripting (XSS)
First published: Thu Dec 15 2022(Updated: )
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Digital Experience | =8.5 | |
| Hcltech Digital Experience | =9.0 | |
| Hcltech Digital Experience | =9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-38653.
What is the severity level of CVE-2022-38653?
The severity level of CVE-2022-38653 is medium.
What is the affected software for CVE-2022-38653?
The affected software for CVE-2022-38653 is HCL Digital Experience versions 8.5, 9.0, and 9.5.
What is the CWE classification for CVE-2022-38653?
The CWE classification for CVE-2022-38653 is CWE-79.
How can I fix CVE-2022-38653?
To fix CVE-2022-38653, it is recommended to update to the latest version of HCL Digital Experience.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hcltech
- canonical/hcltech digital experience
- version/hcltech digital experience/8.5
- version/hcltech digital experience/9.0
- version/hcltech digital experience/9.5