CVE-2019-4388
In short
HCL AppScan Source versions up to 9.0.3.13 allow attackers to inject malicious JavaScript code into the web interface, which executes in users' browsers. This can steal session data, credentials, or perform actions on behalf of the user.
Technical detail
Cross-site scripting (XSS) vulnerability in HCL AppScan Source ≤9.0.3.13 Web UI allows authenticated or unauthenticated attackers to inject arbitrary JavaScript. The vulnerability persists in the application and executes in victim browsers with user privileges, potentially enabling session hijacking, credential theft, or unauthorized administrative actions.
Summary generated and translated by AI from the official description.
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.
Affected products
HCL · AppScan Source