3 matches found
CVE-2026-21825
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim’s browser. The CVE-2026-21825 entry lists a CVSS v3.1 base score of 6.1 (MEDIUM) with network access, low privilege...
CVE-2026-21826
CVE-2026-21826 affects HCL Digital Experience and HCL Digital Experience Compose. The root cause is likely improper handling of the Host header, enabling an attacker to manipulate the Host header and cause the application to behave in unexpected ways. The CVSS 3.1 vector indicates: Network attack...
CVE-2026-21837
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could lead to a complete system takeover and data ...