Description
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected products
- HCL Software / HCL Connections5.5 – 5.5
- HCL Software / HCL Connections6.0 – 6.0
- HCL Software / HCL Connections6.5 – 6.5