CVE-2023-37499: A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform
First published: Thu Aug 03 2023(Updated: )
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks.
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Unica | <12.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2023-37499.
What is the severity of CVE-2023-37499?
The severity of CVE-2023-37499 is high.
What is the affected software for CVE-2023-37499?
The affected software for CVE-2023-37499 is Hcltech Unica version up to exclusive 12.1.1.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-79.
How can I fix the Persistent Cross-site Scripting (XSS) vulnerability in Unica Platform?
To fix the Persistent Cross-site Scripting (XSS) vulnerability in Unica Platform, you should upgrade to a version higher than or equal to 12.1.1 and follow the guidance provided by the software vendor.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/hcltech
- canonical/hcltech unica