Search
Search Results (10 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21826 | 1 Hcltech | 2 Digital Experience, Dx Compose | 2026-06-05 | 6.1 Medium |
| HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways. | ||||
| CVE-2026-21837 | 1 Hcltech | 1 Digital Experience | 2026-06-05 | N/A |
| HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise. | ||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | 6.1 Medium |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | ||||
| CVE-2025-31988 | 1 Hcltech | 1 Digital Experience | 2025-08-21 | 4.9 Medium |
| HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. | ||||
| CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2025-04-18 | 2 Low |
| In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | ||||
| CVE-2023-37538 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 9.3 Critical |
| HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | ||||
| CVE-2020-4081 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 6.1 Medium |
| In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS). | ||||
| CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 7.5 High |
| HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | ||||
| CVE-2020-14223 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 6.1 Medium |
| HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | ||||
| CVE-2020-14221 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 4.9 Medium |
| HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | ||||
Page 1 of 1.