CVE-2022-42452

Summary

HCL Launch is vulnerable to HTML injection.  HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL Launch< 6.2.7.18, 7.0 -7.0.5.13, 7.1-7.1.2.9, 7.2-7.2.3.2, 7.3affected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References