PT-2020-13941 · HCL · HCL Digital Experience

Jason Wicker · Published 2020-11-05 · Updated 2020-11-13 · CVE-2020-14222

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

HCL Digital Experience versions 8.5 through 9.5

Description

The issue is a cross-site scripting (XSS) vulnerability, specifically reflected XSS: the attacker must induce a victim to follow a crafted URL delivered through some channel, such as email or another web site.

Recommendations

For HCL Digital Experience versions 8.5 through 9.5, consider implementing input validation and output encoding to prevent XSS attacks. As a temporary workaround, restrict access to potentially vulnerable subcomponents until a patch is available. Warn users about crafted URLs designed to lure them into clicking, and educate them about the risks of following links from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-14222

Affected Products

HCL Digital Experience