HCL · HCL Digital Experience · CVE-2020-14222
**Name of the Vulnerable Software and Affected Versions**
HCL Digital Experience versions 8.5 through 9.5
**Description**
The issue is reflected cross-site scripting (XSS): an attacker must induce a victim to click a crafted URL delivered through some mechanism, such as email or another website.
**Recommendations**
For HCL Digital Experience versions 8.5 through 9.5, consider implementing input validation and output encoding to prevent XSS attacks. As a temporary workaround, restrict access to potentially vulnerable subcomponents until a patch is available. Users should avoid clicking crafted URLs, and should be educated about the risks of following links from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.