Skip to main content

Hcl Launch CVE-2023-45700

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-12-21 psirt@hcl.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 21, 2023 - 01:15 nvd
MEDIUM 5.4

DescriptionNVD

HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

AnalysisAI

HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Affected products include: Hcltechsw Hcl Launch.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-45703 HIGH
7.5 Dec 21

HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exh

CVE-2025-0255 HIGH
7.2 Mar 24

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on t

CVE-2024-42195 MEDIUM
6.8 Dec 05

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 6.8), this vulnerability is

CVE-2023-45701 MEDIUM
6.5 Dec 28

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is retu

CVE-2022-27551 MEDIUM
6.5 Aug 03

HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security

CVE-2025-0257 MEDIUM
6.3 Apr 02

HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data

CVE-2024-23558 MEDIUM
6.3 Apr 15

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to imper

CVE-2024-23559 MEDIUM
6.1 Apr 15

HCL DevOps Deploy / Launch is generating an obsolete HTTP header. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2025-0273 MEDIUM
5.5 Mar 27

HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be

CVE-2024-42196 MEDIUM
5.5 Dec 06

HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP

CVE-2024-23550 MEDIUM
5.5 Feb 03

HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. Rated

CVE-2023-45702 MEDIUM
5.5 Dec 28

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of

Share

CVE-2023-45700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy