11 matches found
CVE-2023-37516
CVE-2023-37516 affects HCL Leap; the root cause is missing no-cache headers, which permits caching of user directory information. The vulnerability is described with a CVSSv3.1 base score of 3.2 (LOW) with LOCAL attack vector, requiring user interaction and low privileges. There is no explicit ex...
CVE-2024-30147
CVE-2024-30147 affects HCL Leap with multiple vectors enabling client-side script injection in the authoring environment and deployed applications. The provided documents confirm an XSS-type issue and give CVSS-based severity (MEDIUM) but do not disclose a specific patched version or definitive r...
CVE-2022-38657
The CVE-2022-38657 issue is an open redirect vulnerability affecting HCL Leap (manager page Feedback action). Public records describe that an open redirect to malicious sites can occur when accessing the Feedback action, with various sources identifying this as an issue in the Leap platform. Root...
CVE-2022-44760
CVE-2022-44760 concerns HCL Leap where an unsafe default file type filter policy in Leap permits execution of unsafe JavaScript in deployed applications. The root cause listed is the default file type filtering policy, leading to potential unsafe script execution. Documented impacts indicate unsa...
CVE-2023-45720
CVE-2023-45720 affects HCL Leap and is due to insufficient default configuration that permits anonymous access to directory information. The NVD entry lists a CVSS v3.1 base score of 5.3 (Medium), with Network attack vector, Low attack complexity, Privileges Required: None, User Interaction: None...
CVE-2024-30114
CVE-2024-30114 concerns an XSS issue in HCL Leap caused by insufficient sanitization in the authoring environment, allowing client-side script injection. Across connected documents, the affected product is consistently HCL Leap, with its vulnerability described as an input sanitization flaw leadi...
CVE-2024-30113
The CVE-2024-30113 issue affects HCL Leap, specifically the HTML widget, where insufficient sanitization policy enables client-side script injection. The problem is described across multiple connected records as an XSS risk in HCL Leap’s deployment, without explicit exploitation details provided....
CVE-2022-44759
CVE-2022-44759 concerns an issue in HCL Leap where improper sanitization of SVG files enables client-side script injection in deployed applications. The core detail across sources is that SVG content is not adequately cleaned, creating an XSS-like vulnerability in affected HCL Leap deployments. S...
CVE-2024-30127
CVE-2024-30127 concerns HCL Leap. The available connected data indicate the root cause is missing "no cache" headers, which permits sensitive data to be cached. The NVD metrics show a low base score (CVSS 3.1: 3.2, LOW) with local attack vector, low privileges required, and user interaction requi...
CVE-2023-37534
CVE-2023-37534 affects HCL Leap: insufficient URI protocol whitelist allows script injection via query parameters in the web app. Reported severity varies by source (NVD: CVSS v3.1 base 6.1; CNA data shows higher impact on integrity). Affected component is the HCL Leap URI handling logic; exploit...
CVE-2024-30148
The CVE-2024-30148 entry concerns HCL Leap with an improper access-control vulnerability at a server endpoint, allowing certain admin users to import applications from the server filesystem. Affects HCL Leap (endpoint) per multiple sources; CVSS:v3.1 base score 4.1 (Medium) with vectors AV:N/AC:H...