CVE-2019-4091

MEDIUM

HCL Marketing Platform 10.1.0-10.1.0.3 - Stored Cross-Site Scripting in User Addition and Search

Title source: llm

Description

"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080437

Scores

CVSS v3 5.4

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

hcltech/marketing_campaign 9.1.2.4

hcltech/marketing_campaign 10.1.0 - 10.1.0.4

Published Jul 17, 2020

Tracked Since Feb 18, 2026