Hcltech

Digital Experience

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.15%
  • Veröffentlicht 05.06.2026 06:03:11
  • Zuletzt bearbeitet 10.06.2026 19:24:05

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An attacker could execute arbitrary JavaScript in the victim's browser.

  • EPSS 0.14%
  • Veröffentlicht 05.06.2026 05:58:31
  • Zuletzt bearbeitet 10.06.2026 19:24:47

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

  • EPSS 0.92%
  • Veröffentlicht 05.06.2026 05:50:58
  • Zuletzt bearbeitet 10.06.2026 19:25:09

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which co...

  • EPSS 0.15%
  • Veröffentlicht 20.02.2026 20:01:10
  • Zuletzt bearbeitet 24.02.2026 20:42:11

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

  • EPSS 0.22%
  • Veröffentlicht 19.08.2025 18:12:07
  • Zuletzt bearbeitet 21.08.2025 18:50:08

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.

  • EPSS 0.36%
  • Veröffentlicht 11.10.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 08:11:53

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

  • EPSS 0.29%
  • Veröffentlicht 19.12.2022 11:15:10
  • Zuletzt bearbeitet 21.11.2024 07:16:52

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

  • EPSS 0.63%
  • Veröffentlicht 02.02.2021 21:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:16

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).

  • EPSS 0.84%
  • Veröffentlicht 02.02.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:53

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.

  • EPSS 1.06%
  • Veröffentlicht 02.02.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:55

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.