CVE-2022-42452 - OpenCVE

HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hcltechsw	Hcl Launch

Configuration 1 [-]

OR	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch::::::::
	cpe:2.3:a:hcltechsw:hcl_launch:7.3.0.0:::::::*

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2023-03-30T20:37:43.755Z

Updated: 2023-04-02T18:48:52.109850Z

Reserved: 2022-10-06T16:01:51.741Z

Link: CVE-2022-42452

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-02T21:15:08.183

Modified: 2023-11-07T03:53:20.100

Link: CVE-2022-42452

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CC1876A-5DD0-4A09-8401-45260E1B7755", "versionEndIncluding": "6.2.7.18", "versionStartIncluding": "6.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BF95BEC-C6A5-4F65-9870-97E6FE4550B1", "versionEndIncluding": "7.0.5.13", "versionStartIncluding": "7.0.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DACC660-A022-4F97-AA54-25609D47E0F9", "versionEndIncluding": "7.1.2.9", "versionStartIncluding": "7.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", "matchCriteriaId": "B124C327-BBAF-491C-923B-531D90B80F38", "versionEndIncluding": "7.2.3.2", "versionStartIncluding": "7.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:7.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FDA87CF1-F2CB-4CE5-A285-EFC622A0C438", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL Launch is vulnerable to HTML injection. \u00a0HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.\n"}], "id": "CVE-2022-42452", "lastModified": "2023-11-07T03:53:20.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2023-04-02T21:15:08.183", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102081"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}