CVE-2023-37533: HCL Connections is vulnerable to reflected cross-site scripting
First published: Wed Nov 08 2023(Updated: )
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user's account then launch other attacks.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Connections | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-37533?
CVE-2023-37533 is a vulnerability in HCL Connections that allows attackers to execute arbitrary script code in the browser of unsuspecting users through a malicious URL.
How does the HCL Connections vulnerability work?
The vulnerability in HCL Connections allows an attacker to inject and execute arbitrary script code in the browser when a user visits a specially crafted URL.
What is the severity of CVE-2023-37533?
The severity of CVE-2023-37533 is rated as medium with a CVSS score of 6.1.
Which version of HCL Connections is affected by CVE-2023-37533?
HCL Connections version 8.0 is affected by CVE-2023-37533.
How can I fix the HCL Connections vulnerability?
To fix the HCL Connections vulnerability, it is recommended to apply the latest security patches or updates provided by HCL Technologies.
- collector/nvd-api
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hcltech
- canonical/hcltech connections
- version/hcltech connections/8.0