CVE-2022-42452

Published: Apr 2, 2023Modified: Feb 12, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

Affected (5)

Products: Hcltechsw: Hcl Launch

Hcltechsw

1 product

Hcl Launch

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Launch	From 6.2.0.0 to 6.2.7.18
Hcltechsw Hcl Launch	From 7.0.5.0 to 7.0.5.13
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.9
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.2
Hcltechsw Hcl Launch	Version 7.3.0.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.