XSS in HCL Software Connections
CVE-2023-28017
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing mal…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (33.1st percentile).
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- HCL Software Connections — versions 6.0, 6.5, 7.0, 8.0
- HCLTech Connections — versions 6.0, 6.5, 7.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- psirt@hcl.com (Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-28017?
  - CVE-2023-28017 is a medium-severity vulnerability in HCL Software Connections, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2023-12-07.
- How severe is CVE-2023-28017?
  - Medium severity. CVSS v3 base score is 5.4 out of 10.
- Is CVE-2023-28017 known to be exploited?
  - 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.