Filtered by vendor Hcltech
Total: 404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45715 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 3.5 LOW |
| The console may experience a service interruption when processing file names with invalid characters. | |||||
| CVE-2023-45706 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 2.0 LOW |
| An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. | |||||
| CVE-2023-45705 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 3.5 LOW |
| An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | |||||
| CVE-2023-45698 | 1 Hcltech | 1 Sametime Chat And Meetings | 2026-06-17 | N/A | 4.8 MEDIUM |
| Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | |||||
| CVE-2023-45696 | 1 Hcltech | 1 Sametime | 2026-06-17 | N/A | 4.0 MEDIUM |
| Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | |||||
| CVE-2023-37541 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | |||||
| CVE-2023-37540 | 1 Hcltech | 1 Sametime | 2026-06-17 | N/A | 3.9 LOW |
| Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. | |||||
| CVE-2023-37539 | 1 Hcltech | 1 Domino | 2026-06-17 | N/A | 8.4 HIGH |
| The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it. | |||||
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2026-06-17 | N/A | 9.3 CRITICAL |
| HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | |||||
| CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2026-06-17 | N/A | 7.8 HIGH |
| An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | |||||
| CVE-2023-37536 | 3 Apache, Fedoraproject, Hcltech | 3 Xerces-c++, Fedora, Bigfix Platform | 2026-06-17 | N/A | 8.2 HIGH |
| An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | |||||
| CVE-2023-37535 | 1 Hcltech | 1 Domino Leap | 2026-06-17 | N/A | 7.1 HIGH |
| Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters. | |||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2026-06-17 | N/A | 7.1 HIGH |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | |||||
| CVE-2023-37533 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and compromise a user's account then launch other attacks. | |||||
| CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2026-06-17 | N/A | 5.8 MEDIUM |
| HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | |||||
| CVE-2023-37531 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 3.3 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | |||||
| CVE-2023-37530 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 3.0 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | |||||
| CVE-2023-37529 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 3.0 LOW |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | |||||
| CVE-2023-37528 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 6.5 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | |||||
| CVE-2023-37527 | 1 Hcltech | 1 Bigfix Platform | 2026-06-17 | N/A | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. | |||||
