CVE-2022-42452

MEDIUM4.6Cross-site scripting

Description

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

HCL Software / HCL Launch< 6.2.7.18, 7.0 -7.0.5.13, 7.1-7.1.2.9, 7.2-7.2.3.2, 7.3 – < 6.2.7.18, 7.0 -7.0.5.13, 7.1-7.1.2.9, 7.2-7.2.3.2, 7.3

References

MISChttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081