Digital Experience Security Vulnerabilities and Issues — Digital Experience CVE List

Lucene search

HcltechDigital Experience

7 matches found

CVE•added 2022/12/19 11:15 a.m.•49 views

CVE-2022-38653

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

5.4CVSS4.4AI score0.00191EPSS

CVE•added 2023/10/11 1:15 p.m.•42 views

CVE-2023-37538

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

9.3CVSS6.6AI score0.00226EPSS

CVE•added 2021/02/02 8:15 p.m.•37 views

CVE-2020-14221

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.

4.9CVSS5AI score0.00335EPSS

CVE•added 2020/10/01 8:15 p.m.•35 views

CVE-2020-14223

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.

6.1CVSS5.8AI score0.00359EPSS

CVE•added 2021/02/02 8:15 p.m.•35 views

CVE-2020-14255

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.

7.5CVSS7.5AI score0.00322EPSS

CVE•added 2021/02/02 9:15 p.m.•34 views

CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).

6.1CVSS6AI score0.00359EPSS

CVE•added 2025/08/19 7:15 p.m.•3 views

CVE-2025-31988

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.

4.9CVSS6.1AI score0.0003EPSS