| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks. |
| Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives |
| An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests |
| File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. |
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. |
| A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint. |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. |
| HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications. |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. |
| Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications. |
| Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications. |
| Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment. |
| Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget. |
| Insufficient default configuration in HCL Leap
allows anonymous access to directory information. |
