CVE-2020-4082

Name of the Vulnerable Software and Affected Versions HCL Connections version 5.5

Description The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site. This could be used to steal the victim's cookie-based authentication credentials.

Recommendations For HCL Connections version 5.5, consider disabling the help system temporarily until a patch is available to prevent exploitation. Restrict access to the help system to minimize the risk of cross-site scripting attacks. Avoid using user-supplied input in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.