CVE-2020-4080

Name of the Vulnerable Software and Affected Versions HCL Verse versions 10 through 11

Description The issue arises from improper handling of message content, leading to a Stored Cross-Site Scripting (XSS) vulnerability. An unauthenticated remote attacker could exploit this by using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site, potentially stealing the victim's cookie-based authentication credentials.

Recommendations For HCL Verse versions 10 through 11, update to a version that includes a fix for the improper handling of message content to prevent Stored Cross-Site Scripting (XSS) attacks.