Cross Site Scripting (XSS) Vulnerability in HCL Verse Allows Remote Code Execution and Data Theft

Cross Site Scripting (XSS) Vulnerability in HCL Verse Allows Remote Code Execution and Data Theft

CVE-2021-27788 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.  By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.

Learn more about our Web App Pen Testing.