Vulnerability Database

309,130

Total vulnerabilities in the database

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks.

Published: Jun 25, 2024
Updated: Nov 4, 2025
CVE: CVE-2024-30112
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hcltech / connections	7.0	7.0.x
hcltech / connections	8.0	8.0.x
hcltech / connections	8.0-cumulative_release1	8.0-cumulative_release1.x
hcltech / connections	8.0-cumulative_release2	8.0-cumulative_release2.x
hcltech / connections	8.0-cumulative_release3	8.0-cumulative_release3.x
hcltech / connections	8.0-cumulative_release4	8.0-cumulative_release4.x
hcltech / connections	8.0-cumulative_release5	8.0-cumulative_release5.x
hcltech / connections	8.0-cumulative_release6	8.0-cumulative_release6.x

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114148

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo