HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HHcltech Hcl Compass
APPHcltech2.0.0 – 2.0.32.1.0 – 2.2.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-37502CRITICAL9.0ten sam produkt
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active c...
CVE-2023-37503HIGH8.1ten sam produkt
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and g...
CVE-2023-37504HIGH7.1ten sam produkt
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated...
CVE-2025-62319CRITICAL9.8PL ✓ten sam vendor
Boolean-Based SQL Injection umożliwiający wstrzyknięcie dowolnego SQL
CVE-2023-37538CRITICAL9.3ten sam vendor
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...