Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

Published

2024-06-25T22:15:30.117

Last Modified

2025-10-28T18:53:09.860

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	connections	7.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes
Application	hcltech	connections	8.0	Yes

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114148 Vendor Advisory ([email protected])
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114148 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)