cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37538,https://securityvulnerability.io/vulnerability/CVE-2023-37538,HCL Digital Experience is susceptible to cross site scripting (XSS),"HCL Digital Experience is vulnerable to a reflected cross site scripting (XSS) attack. This vulnerability allows an attacker to craft a malicious URL, which, when clicked by a victim, can lead to the execution of unintended scripts in the context of the user's session. The attacker may use various delivery mechanisms, such as email or third-party websites, to lure victims into opening the harmful link. This could result in unauthorized access to sensitive information or further exploitation of the web application.",Hcl Software,Digital Experience,9.3,CRITICAL,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-10-11T13:15:00.000Z,0
CVE-2022-38653,https://securityvulnerability.io/vulnerability/CVE-2022-38653,HCL Digital Experience is susceptible to cross-site scripting (XSS),"In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.",Hcl Software,Hcl Digital Experience,2,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-19T11:15:00.000Z,0
CVE-2022-38662,https://securityvulnerability.io/vulnerability/CVE-2022-38662,HCL Digital Experience is susceptible to open redirects,"In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.",Hcl Software,Hcl Digital Experience,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-12-15T20:36:54.482Z,0
CVE-2021-27774,https://securityvulnerability.io/vulnerability/CVE-2021-27774,An injection vulnerability affects HCL Digital Experience,"User input included in error response, which could be used in a phishing attack.",Hcl Software,Hcl Digital Experience,3.1,LOW,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-09-22T21:15:00.000Z,0
CVE-2020-4081,https://securityvulnerability.io/vulnerability/CVE-2020-4081,Cross-Site Scripting Vulnerability in HCL Digital Experience Products,"The HCL Digital Experience versions 8.5, 9.0, and 9.5 contain a cross-site scripting (XSS) vulnerability in the WSRP consumer component. This allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive data. Users and organizations utilizing these versions should take immediate action to mitigate the risks associated with this vulnerability by following recommended security practices.",HCL Software,Hcl Digital Experience,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-02-02T20:08:48.000Z,0
CVE-2020-14255,https://securityvulnerability.io/vulnerability/CVE-2020-14255,Sensitive Data Exposure in HCL Digital Experience 9.5 Containers,"HCL Digital Experience version 9.5 containers suffer from vulnerabilities that could lead to unauthorized access to sensitive data through specially crafted requests. It is important to note that this issue is contained within containerized versions and does not impact traditional on-premises installations, emphasizing the need for heightened security measures in cloud and container environments.",HCL Software,Hcl Digital Experience,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-02-02T19:40:31.000Z,0
CVE-2020-14221,https://securityvulnerability.io/vulnerability/CVE-2020-14221,Information Exposure Vulnerability in HCL Digital Experience Products,"A security vulnerability was identified in HCL Digital Experience versions 8.5, 9.0, and 9.5, which allows unauthorized users to gain access to sensitive server information. This exposure can lead to potential security risks, making it imperative for organizations using these versions to take immediate remediation actions.",HCL Software,Hcl Digital Experience,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-02-02T19:31:57.000Z,0
CVE-2020-14222,https://securityvulnerability.io/vulnerability/CVE-2020-14222,Cross Site Scripting Vulnerability in HCL Digital Experience,"HCL Digital Experience versions 8.5, 9.0, and 9.5 are susceptible to a cross site scripting (XSS) vulnerability, with a specific subcomponent facing the risk of reflected XSS. This type of vulnerability allows an attacker to craft a malicious URL, which they can deliver through various means, such as email or other websites. When a victim clicks on the deceptive link, it can execute arbitrary scripts in the context of their browser session, potentially compromising sensitive information. It is crucial for users of these versions to apply updates and follow security best practices to mitigate this risk.",HCL Software,Hcl Digital Experience,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-11-05T16:52:20.000Z,0
CVE-2020-14223,https://securityvulnerability.io/vulnerability/CVE-2020-14223,Cross-Site Scripting Vulnerability in HCL Digital Experience by HCL Technologies,"HCL Digital Experience versions 8.5, 9.0, and 9.5 are vulnerable to a cross-site scripting (XSS) flaw that can lead to reflected or non-persistent attacks. This security issue allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information or executing unauthorized actions on behalf of the user. Organizations using these affected versions must implement appropriate mitigation strategies to protect against this vulnerability.",HCL Software,Hcl Digital Experience,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-10-01T19:31:53.000Z,0
CVE-2020-4101,https://securityvulnerability.io/vulnerability/CVE-2020-4101,Server Side Request Forgery Vulnerability in HCL Digital Experience,"HCL Digital Experience has a vulnerability that allows for Server Side Request Forgery (SSRF), potentially allowing an attacker to send crafted requests from the server to internal or external resources. This can lead to unauthorized access to sensitive data or services, exploiting the trust relationship between the server and those resources.",HCL Software,"""hcl Digital Experience""",9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-06-11T13:20:13.000Z,0