CVE-2023-28017
moderate-risk
Published 2023-12-07
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise a user's account then launch other attacks.
Do I need to act?
-
0.78% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
34
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
3/34 · Minimal
Exposure
10/34 · Low