9 matches found
CVE-2023-37516
CVE-2023-37516 affects HCL Leap; the root cause is missing no-cache headers, which permits caching of user directory information. The vulnerability is described with a CVSSv3.1 base score of 3.2 (LOW) with LOCAL attack vector, requiring user interaction and low privileges. There is no explicit ex...
CVE-2024-30147
CVE-2024-30147 affects HCL Leap with multiple vectors enabling client-side script injection in the authoring environment and deployed applications. The provided documents confirm an XSS-type issue and give CVSS-based severity (MEDIUM) but do not disclose a specific patched version or definitive r...
CVE-2022-38657
The CVE-2022-38657 issue is an open redirect vulnerability affecting HCL Leap (manager page Feedback action). Public records describe that an open redirect to malicious sites can occur when accessing the Feedback action, with various sources identifying this as an issue in the Leap platform. Root...
CVE-2023-45720
CVE-2023-45720 affects HCL Leap and is due to insufficient default configuration that permits anonymous access to directory information. The NVD entry lists a CVSS v3.1 base score of 5.3 (Medium), with Network attack vector, Low attack complexity, Privileges Required: None, User Interaction: None...
CVE-2024-30114
CVE-2024-30114 concerns an XSS issue in HCL Leap caused by insufficient sanitization in the authoring environment, allowing client-side script injection. Across connected documents, the affected product is consistently HCL Leap, with its vulnerability described as an input sanitization flaw leadi...
CVE-2024-30113
The CVE-2024-30113 issue affects HCL Leap, specifically the HTML widget, where insufficient sanitization policy enables client-side script injection. The problem is described across multiple connected records as an XSS risk in HCL Leap’s deployment, without explicit exploitation details provided....
CVE-2024-30127
CVE-2024-30127 concerns HCL Leap. The available connected data indicate the root cause is missing "no cache" headers, which permits sensitive data to be cached. The NVD metrics show a low base score (CVSS 3.1: 3.2, LOW) with local attack vector, low privileges required, and user interaction requi...
CVE-2023-37534
CVE-2023-37534 affects HCL Leap: insufficient URI protocol whitelist allows script injection via query parameters in the web app. Reported severity varies by source (NVD: CVSS v3.1 base 6.1; CNA data shows higher impact on integrity). Affected component is the HCL Leap URI handling logic; exploit...
CVE-2024-30148
The CVE-2024-30148 entry concerns HCL Leap with an improper access-control vulnerability at a server endpoint, allowing certain admin users to import applications from the server filesystem. Affects HCL Leap (endpoint) per multiple sources; CVSS:v3.1 base score 4.1 (Medium) with vectors AV:N/AC:H...