| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. |
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. |
| A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint. |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. |
| HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications. |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. |
| Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications. |
| Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications. |
| Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment. |
| Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget. |
| Insufficient default configuration in HCL Leap
allows anonymous access to directory information. |
| Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters. |
| Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem. |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. |
| HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. |
