7 matches found
PT-2025-18336 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue is related to an insufficient sanitization policy, which allows client-side script injection in the deployed application. This can be achieved through the HTML widget...
CVE-2024-30147
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2022-44760 HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...
CVE-2022-44760
CVE-2022-44760 concerns HCL Leap where an unsafe default file type filter policy in Leap permits execution of unsafe JavaScript in deployed applications. The root cause listed is the default file type filtering policy, leading to potential unsafe script execution. Documented impacts indicate unsa...
CVE-2023-37516 HCL Leap is affected by missing "no cache" headers
Missing "no cache" headers in HCL Leap permits user directory information to be cached...
CVE-2023-45720 HCL Leap is affected by a disclosure of private personal information vulnerability
Insufficient default configuration in HCL Leap allows anonymous access to directory information...
CVE-2024-30113 HCL Leap is affected by a cross-site scripting (XSS) vulnerability
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget...