11 matches found
CVE-2022-38653
HCL Digital Experience is reported vulnerable to a cross-site scripting (XSS) issue where a customized payload can be served unencoded in the application. The CVE-2022-38653 entry lists a CVSS v3.1 base score of 5.4 (MEDIUM) with NETWORK attack vector, LOW impact on confidentiality/integrity and ...
CVE-2023-37538
HCL Digital Experience is affected by a reflected XSS vulnerability in one subcomponent. The issue requires a user to click a crafted URL conveyed via email or another web delivery method, enabling an attacker to perform cross-site scripting. The Connected documents do not provide explicit affect...
CVE-2020-4081
CVE-2020-4081 affects HCL Digital Experience WSRP consumer in versions 8.5, 9.0, and 9.5 and is a cross-site scripting (XSS) vulnerability. Root cause cited in CNVD-2021-09494 is lack of proper validation of client-side data in the WEB application. Documented impact is XSS with no additional expl...
CVE-2020-14221
Technical details about CVE-2020-14221 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2020-14255
CVE-2020-14255 affects HCL Digital Experience 9.5 containers, with information disclosure of sensitive data via crafted requests. Documents consistently describe the issue as container-scoped and not impacting on-premise installations. The core vulnerability details (root cause, affected componen...
CVE-2020-14223
CVE-2020-14223 affects HCL Digital Experience versions 8.5, 9.0, and 9.5. The connected documents describe a cross-site scripting (XSS) vulnerability that can be exploited via reflected or non-persistent XSS attacks. The material notes the affected product and vulnerability category, but does not...
CVE-2026-21825
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim’s browser. The CVE-2026-21825 entry lists a CVSS v3.1 base score of 6.1 (MEDIUM) with network access, low privilege...
CVE-2026-21826
CVE-2026-21826 affects HCL Digital Experience and HCL Digital Experience Compose. The root cause is likely improper handling of the Host header, enabling an attacker to manipulate the Host header and cause the application to behave in unexpected ways. The CVSS 3.1 vector indicates: Network attack...
CVE-2026-21837
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could lead to a complete system takeover and data ...
CVE-2025-31988
CVE-2025-31988 affects HCL Digital Experience. It is described as a cross-site scripting (XSS) vulnerability in an administrative UI with restricted access. Publiced technical details in connected sources show CVSS 3.1 with a Network attack vector, Low attack complexity, Privileges Required: High...
CVE-2025-62326
HCL Digital Experience is susceptible to stored XSS in the administrative UI that requires elevated privileges to exploit. Affected component: the admin interface of HCL Digital Experience. The vulnerability is stored XSS with the attacker needing high privileges and user interaction is required ...