Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-4080

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

Published

2020-12-18T22:15:12.590

Last Modified

2024-11-21T05:32:16.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	domino	10.0.0	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	10.0.1	Yes
Application	hcltech	domino	11.0	Yes
Application	hcltech	domino	11.0.1	Yes
Application	hcltech	domino	11.0.1	Yes

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 Patch, Vendor Advisory ([email protected])
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085887 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)