Lucene search
K

9 matches found

CVE
CVE
added 2025/04/24 8:37 p.m.73 views

CVE-2023-37516

CVE-2023-37516 affects HCL Leap; the root cause is missing no-cache headers, which permits caching of user directory information. The vulnerability is described with a CVSSv3.1 base score of 3.2 (LOW) with LOCAL attack vector, requiring user interaction and low privileges. There is no explicit ex...

3.2CVSS3.9AI score0.00127EPSS
CVE
CVE
added 2025/04/24 4:21 p.m.61 views

CVE-2024-30147

CVE-2024-30147 affects HCL Leap with multiple vectors enabling client-side script injection in the authoring environment and deployed applications. The provided documents confirm an XSS-type issue and give CVSS-based severity (MEDIUM) but do not disclose a specific patched version or definitive r...

6.5CVSS7.2AI score0.0021EPSS
CVE
CVE
added 2023/02/02 9:17 p.m.57 views

CVE-2022-38657

The CVE-2022-38657 issue is an open redirect vulnerability affecting HCL Leap (manager page Feedback action). Public records describe that an open redirect to malicious sites can occur when accessing the Feedback action, with various sources identifying this as an issue in the Leap platform. Root...

8.2CVSS5.9AI score0.00288EPSS
CVE
CVE
added 2025/04/24 4:25 p.m.56 views

CVE-2023-45720

CVE-2023-45720 affects HCL Leap and is due to insufficient default configuration that permits anonymous access to directory information. The NVD entry lists a CVSS v3.1 base score of 5.3 (Medium), with Network attack vector, Low attack complexity, Privileges Required: None, User Interaction: None...

5.3CVSS6.9AI score0.00251EPSS
CVE
CVE
added 2025/04/24 4:22 p.m.56 views

CVE-2024-30114

CVE-2024-30114 concerns an XSS issue in HCL Leap caused by insufficient sanitization in the authoring environment, allowing client-side script injection. Across connected documents, the affected product is consistently HCL Leap, with its vulnerability described as an input sanitization flaw leadi...

5.4CVSS7.2AI score0.00193EPSS
CVE
CVE
added 2025/04/24 4:23 p.m.53 views

CVE-2024-30113

The CVE-2024-30113 issue affects HCL Leap, specifically the HTML widget, where insufficient sanitization policy enables client-side script injection. The problem is described across multiple connected records as an XSS risk in HCL Leap’s deployment, without explicit exploitation details provided....

6.3CVSS7.2AI score0.00243EPSS
CVE
CVE
added 2025/04/24 8:35 p.m.50 views

CVE-2024-30127

CVE-2024-30127 concerns HCL Leap. The available connected data indicate the root cause is missing "no cache" headers, which permits sensitive data to be cached. The NVD metrics show a low base score (CVSS 3.1: 3.2, LOW) with local attack vector, low privileges required, and user interaction requi...

3.2CVSS3.9AI score0.00127EPSS
CVE
CVE
added 2025/04/24 4:27 p.m.49 views

CVE-2023-37534

CVE-2023-37534 affects HCL Leap: insufficient URI protocol whitelist allows script injection via query parameters in the web app. Reported severity varies by source (NVD: CVSS v3.1 base 6.1; CNA data shows higher impact on integrity). Affected component is the HCL Leap URI handling logic; exploit...

7.1CVSS7.2AI score0.00194EPSS
CVE
CVE
added 2025/04/24 4:10 p.m.49 views

CVE-2024-30148

The CVE-2024-30148 entry concerns HCL Leap with an improper access-control vulnerability at a server endpoint, allowing certain admin users to import applications from the server filesystem. Affects HCL Leap (endpoint) per multiple sources; CVSS:v3.1 base score 4.1 (Medium) with vectors AV:N/AC:H...

4.1CVSS6.9AI score0.00224EPSS