Search criteria
21 vulnerabilities found for digital_experience by hcltech
FKIE_CVE-2025-31988
Vulnerability from fkie_nvd - Published: 2025-08-19 19:15 - Updated: 2025-08-21 18:50
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123435 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access."
},
{
"lang": "es",
"value": "HCL Digital Experience es susceptible a cross site scripting (XSS) en una interfaz de usuario administrativa con acceso restringido."
}
],
"id": "CVE-2025-31988",
"lastModified": "2025-08-21T18:50:08.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-19T19:15:34.690",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123435"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@hcl.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-37538
Vulnerability from fkie_nvd - Published: 2023-10-11 13:15 - Updated: 2024-11-21 08:11
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\n"
},
{
"lang": "es",
"value": "HCL Digital Experience es susceptible a Cross-Site Scripting (XSS). Un subcomponente es vulnerable al XSS reflejado. En XSS reflejado, un atacante debe inducir a la v\u00edctima a hacer click en una URL manipulada desde alg\u00fan mecanismo de entrega (correo electr\u00f3nico, otro sitio web)."
}
],
"id": "CVE-2023-37538",
"lastModified": "2024-11-21T08:11:53.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-11T13:15:09.557",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-38653
Vulnerability from fkie_nvd - Published: 2022-12-19 11:15 - Updated: 2025-04-18 15:15
Severity ?
2.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n"
},
{
"lang": "es",
"value": "En HCL Digital Experience, el payload XSS personalizado se puede construir de manera que se entregue en la aplicaci\u00f3n sin codificar."
}
],
"id": "CVE-2022-38653",
"lastModified": "2025-04-18T15:15:52.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 1.4,
"source": "psirt@hcl.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T11:15:10.257",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-4081
Vulnerability from fkie_nvd - Published: 2021-02-02 21:15 - Updated: 2024-11-21 05:32
Severity ?
Summary
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS)."
},
{
"lang": "es",
"value": "En Digital Experience versiones 8.5, 9.0 y 9.5, el consumidor de WSRP es vulnerable a un ataque de tipo cross-site scripting (XSS)"
}
],
"id": "CVE-2020-4081",
"lastModified": "2024-11-21T05:32:16.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-02T21:15:14.007",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14221
Vulnerability from fkie_nvd - Published: 2021-02-02 20:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users."
},
{
"lang": "es",
"value": "HCL Digital Experience versiones 8.5, 9.0 y 9.5, expone informaci\u00f3n sobre el servidor a usuarios no autorizados"
}
],
"id": "CVE-2020-14221",
"lastModified": "2024-11-21T05:02:53.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-02T20:15:11.737",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14255
Vulnerability from fkie_nvd - Published: 2021-02-02 20:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations."
},
{
"lang": "es",
"value": "Los contenedores de HCL Digital Experience versi\u00f3n 9.5, incluyen vulnerabilidades que podr\u00edan exponer datos confidenciales a partes no autorizadas por medio de peticiones dise\u00f1adas.\u0026#xa0;Estos afectan solo a los contenedores.\u0026#xa0;Estos no afectan las instalaciones tradicionales on-premise"
}
],
"id": "CVE-2020-14255",
"lastModified": "2024-11-21T05:02:55.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-02T20:15:11.910",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14223
Vulnerability from fkie_nvd - Published: 2020-10-01 20:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@hcl.com | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082645 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082645 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hcltech | digital_experience | 8.5 | |
| hcltech | digital_experience | 9.0 | |
| hcltech | digital_experience | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack."
},
{
"lang": "es",
"value": "HCL Digital Experience versiones 8.5, 9.0, 9.5, es susceptible a una vulnerabilidad de tipo cross-site scripting (XSS).\u0026#xa0;La vulnerabilidad podr\u00eda ser empleada en un ataque de tipo XSS reflejado o no persistente"
}
],
"id": "CVE-2020-14223",
"lastModified": "2024-11-21T05:02:53.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-01T20:15:13.143",
"references": [
{
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
],
"sourceIdentifier": "psirt@hcl.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-31988 (GCVE-0-2025-31988)
Vulnerability from cvelistv5 – Published: 2025-08-19 18:12 – Updated: 2025-08-19 18:35
VLAI?
Title
HCL Digital Experience is susceptible to cross site scripting (XSS)
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T18:35:35.686971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T18:35:46.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2025-08-19T18:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. \u003cbr\u003e"
}
],
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T18:12:07.098Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123435"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31988",
"datePublished": "2025-08-19T18:12:07.098Z",
"dateReserved": "2025-04-01T18:46:33.656Z",
"dateUpdated": "2025-08-19T18:35:46.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37538 (GCVE-0-2023-37538)
Vulnerability from cvelistv5 – Published: 2023-10-11 12:53 – Updated: 2024-09-18 16:02
VLAI?
Title
HCL Digital Experience is susceptible to cross site scripting (XSS)
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
Severity ?
9.3 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:02:48.331537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:02:56.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2023-10-11T12:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T12:53:10.796Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37538",
"datePublished": "2023-10-11T12:53:10.796Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2024-09-18T16:02:56.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38653 (GCVE-0-2022-38653)
Vulnerability from cvelistv5 – Published: 2022-12-15 20:56 – Updated: 2025-04-18 14:56
VLAI?
Title
HCL Digital Experience is susceptible to cross-site scripting (XSS)
Summary
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T14:55:45.278588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T14:56:02.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2022-12-15T19:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\u003cbr\u003e"
}
],
"value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T10:00:14.221Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross-site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-38653",
"datePublished": "2022-12-15T20:56:55.103Z",
"dateReserved": "2022-08-22T16:31:27.393Z",
"dateUpdated": "2025-04-18T14:56:02.038Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4081 (GCVE-0-2020-4081)
Vulnerability from cvelistv5 – Published: 2021-02-02 20:08 – Updated: 2024-08-04 07:52
VLAI?
Summary
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
Severity ?
No CVSS data available.
CWE
- "Cross-site scripting"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5
Affected: 9.0 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Cross-site scripting\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T20:08:48",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Cross-site scripting\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4081",
"datePublished": "2021-02-02T20:08:48",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14255 (GCVE-0-2020-14255)
Vulnerability from cvelistv5 – Published: 2021-02-02 19:40 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
Severity ?
No CVSS data available.
CWE
- "Sensitive data exposure"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
9.5 (containers only)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.5 (containers only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Sensitive data exposure\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:40:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "9.5 (containers only)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Sensitive data exposure\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14255",
"datePublished": "2021-02-02T19:40:31",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14221 (GCVE-0-2020-14221)
Vulnerability from cvelistv5 – Published: 2021-02-02 19:31 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
Severity ?
No CVSS data available.
CWE
- "Security misconfiguration"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5
Affected: 9.0 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Security misconfiguration\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:31:57",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Security misconfiguration\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14221",
"datePublished": "2021-02-02T19:31:57",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14223 (GCVE-0-2020-14223)
Vulnerability from cvelistv5 – Published: 2020-10-01 19:31 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
Severity ?
No CVSS data available.
CWE
- cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5, 9.0, 9.5.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T19:31:53",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5, 9.0, 9.5."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14223",
"datePublished": "2020-10-01T19:31:53",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31988 (GCVE-0-2025-31988)
Vulnerability from nvd – Published: 2025-08-19 18:12 – Updated: 2025-08-19 18:35
VLAI?
Title
HCL Digital Experience is susceptible to cross site scripting (XSS)
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T18:35:35.686971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T18:35:46.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2025-08-19T18:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. \u003cbr\u003e"
}
],
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T18:12:07.098Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123435"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2025-31988",
"datePublished": "2025-08-19T18:12:07.098Z",
"dateReserved": "2025-04-01T18:46:33.656Z",
"dateUpdated": "2025-08-19T18:35:46.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37538 (GCVE-0-2023-37538)
Vulnerability from nvd – Published: 2023-10-11 12:53 – Updated: 2024-09-18 16:02
VLAI?
Title
HCL Digital Experience is susceptible to cross site scripting (XSS)
Summary
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
Severity ?
9.3 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T16:02:48.331537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:02:56.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2023-10-11T12:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T12:53:10.796Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0108006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37538",
"datePublished": "2023-10-11T12:53:10.796Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2024-09-18T16:02:56.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38653 (GCVE-0-2022-38653)
Vulnerability from nvd – Published: 2022-12-15 20:56 – Updated: 2025-04-18 14:56
VLAI?
Title
HCL Digital Experience is susceptible to cross-site scripting (XSS)
Summary
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | HCL Digital Experience |
Affected:
8.5, 9.0, 9.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T14:55:45.278588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T14:56:02.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Digital Experience",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5"
}
]
}
],
"datePublic": "2022-12-15T19:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\u003cbr\u003e"
}
],
"value": "In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T10:00:14.221Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102141"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience is susceptible to cross-site scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2022-38653",
"datePublished": "2022-12-15T20:56:55.103Z",
"dateReserved": "2022-08-22T16:31:27.393Z",
"dateUpdated": "2025-04-18T14:56:02.038Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4081 (GCVE-0-2020-4081)
Vulnerability from nvd – Published: 2021-02-02 20:08 – Updated: 2024-08-04 07:52
VLAI?
Summary
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
Severity ?
No CVSS data available.
CWE
- "Cross-site scripting"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5
Affected: 9.0 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Cross-site scripting\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T20:08:48",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-4081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Cross-site scripting\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-4081",
"datePublished": "2021-02-02T20:08:48",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14255 (GCVE-0-2020-14255)
Vulnerability from nvd – Published: 2021-02-02 19:40 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
Severity ?
No CVSS data available.
CWE
- "Sensitive data exposure"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
9.5 (containers only)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.5 (containers only)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Sensitive data exposure\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:40:31",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "9.5 (containers only)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Sensitive data exposure\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14255",
"datePublished": "2021-02-02T19:40:31",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14221 (GCVE-0-2020-14221)
Vulnerability from nvd – Published: 2021-02-02 19:31 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
Severity ?
No CVSS data available.
CWE
- "Security misconfiguration"
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5
Affected: 9.0 Affected: 9.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "\"Security misconfiguration\"",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:31:57",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "9.0"
},
{
"version_value": "9.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "\"Security misconfiguration\""
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225",
"refsource": "CONFIRM",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0085225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14221",
"datePublished": "2021-02-02T19:31:57",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14223 (GCVE-0-2020-14223)
Vulnerability from nvd – Published: 2020-10-01 19:31 – Updated: 2024-08-04 12:39
VLAI?
Summary
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
Severity ?
No CVSS data available.
CWE
- cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HCL Digital Experience |
Affected:
8.5, 9.0, 9.5.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HCL Digital Experience",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5, 9.0, 9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T19:31:53",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@hcl.com",
"ID": "CVE-2020-14223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HCL Digital Experience",
"version": {
"version_data": [
{
"version_value": "8.5, 9.0, 9.5."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645",
"refsource": "MISC",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2020-14223",
"datePublished": "2020-10-01T19:31:53",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}