cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-37497,https://securityvulnerability.io/vulnerability/CVE-2023-37497,"An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform","The HCL Unica application features an application programming interface (API) that unintentionally permits the processing of arbitrary XML input. By cleverly crafting and submitting XML payloads, an authenticated attacker with appropriate privileges can exploit this vulnerability to execute XML External Entity (XXE) attacks, leading to potential exposure of sensitive data, server-side request forgery (SSRF), and other security risks to the backend services.",Hcl Software,Hcl Unica Platform,8.1,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-08-03T22:15:00.000Z,0
CVE-2023-37498,https://securityvulnerability.io/vulnerability/CVE-2023-37498,HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation,"A weakness exists in HCL Software products that permits users to elevate their privileges by leveraging a POST request initially intended for administrative use. By reusing this request, malicious actors could assign themselves to unauthorized groups, potentially compromising system integrity and access controls.",Hcl Software,Hcl Unica Platform,8.1,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2023-08-03T22:15:00.000Z,0
CVE-2023-37499,https://securityvulnerability.io/vulnerability/CVE-2023-37499,A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform,"A persistent cross-site scripting (XSS) vulnerability exists in the Unica Platform, which allows an attacker to inject malicious scripts into web pages that are viewed by other users. This could lead to session hijacking, data theft, and unauthorized actions performed on behalf of the users. Organizations using Unica Platform should take immediate action to mitigate this vulnerability and ensure their user data remains secure.",Hcl Software,Hcl Unica Platform,8.1,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-08-03T22:15:00.000Z,0
CVE-2023-37500,https://securityvulnerability.io/vulnerability/CVE-2023-37500,A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform,"A persistent Cross-site Scripting (XSS) vulnerability exists in the HCL Unica Platform, enabling attackers to inject malicious scripts on certain pages. This issue allows unauthorized users to hijack valid user sessions, potentially leading to further exploitation or data theft. Organizations using affected versions of Unica must implement mitigation strategies to secure their applications.",Hcl Software,Hcl Unica Platform,8.1,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2023-08-03T22:15:00.000Z,0