CVE-2020-4080
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/12/2020
Last modified:
22/12/2020
Description
HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hcltech:domino:10.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:-:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_1:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_2:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_3:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_4:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:10.0.1:fix_pack_5:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:11.0.1:-:*:*:*:*:*:* | ||
| cpe:2.3:a:hcltech:domino:11.0.1:fix_pack_1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page