What is the vulnerability ID for this HCL Verse vulnerability?

The vulnerability ID for this HCL Verse vulnerability is CVE-2023-28013.

What is the severity of CVE-2023-28013?

CVE-2023-28013 has a severity rating of 6.1, which is classified as medium.

How can an attacker exploit CVE-2023-28013?

An attacker can exploit CVE-2023-28013 by tricking a user into entering crafted markup, which allows the attacker to execute scripts in the victim's browser and potentially perform unauthorized operations or steal sensitive information.

Is there a fix available for CVE-2023-28013?

Yes, please refer to the official HCL Tech support website for information on available patches or updates to fix the vulnerability.

Vulnerability/
CVE-2023-28013

medium

6.5

CWE

26/7/2023

23/10/2024

CVE-2023-28013: HCL Verse is susceptible to a Reflected Cross-Site Scripting (XSS) Vulnerability

Q: How does the Reflected Cross Site Scripting (XSS) vulnerability in HCL Verse work?

The Reflected Cross Site Scripting (XSS) vulnerability in HCL Verse allows a remote attacker to execute malicious scripts in a victim's browser by tricking them into entering specially crafted markup.

First published: Wed Jul 26 2023(Updated: )

HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.

Credit: psirt@hcl.com psirt@hcl.com

Affected Software	Affected Version	How to fix
Hcltech Verse	<3.1

Never miss a vulnerability like this again

Reference Links

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105905

Frequently Asked Questions

What is the vulnerability ID for this HCL Verse vulnerability?
The vulnerability ID for this HCL Verse vulnerability is CVE-2023-28013.
What is the severity of CVE-2023-28013?
CVE-2023-28013 has a severity rating of 6.1, which is classified as medium.
How does the Reflected Cross Site Scripting (XSS) vulnerability in HCL Verse work?
The Reflected Cross Site Scripting (XSS) vulnerability in HCL Verse allows a remote attacker to execute malicious scripts in a victim's browser by tricking them into entering specially crafted markup.
How can an attacker exploit CVE-2023-28013?
An attacker can exploit CVE-2023-28013 by tricking a user into entering crafted markup, which allows the attacker to execute scripts in the victim's browser and potentially perform unauthorized operations or steal sensitive information.
Is there a fix available for CVE-2023-28013?
Yes, please refer to the official HCL Tech support website for information on available patches or updates to fix the vulnerability.

collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-latest
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/tags
agent/first-publish-date
agent/event
vendor/hcltech
canonical/hcltech verse

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.