CVE-2025-31988
- EPSS 0.03%
- Veröffentlicht 19.08.2025 18:12:07
- Zuletzt bearbeitet 21.08.2025 18:50:08
HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
CVE-2023-37538
- EPSS 0.23%
- Veröffentlicht 11.10.2023 13:15:09
- Zuletzt bearbeitet 21.11.2024 08:11:53
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
CVE-2022-38653
- EPSS 0.24%
- Veröffentlicht 19.12.2022 11:15:10
- Zuletzt bearbeitet 21.11.2024 07:16:52
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
CVE-2020-4081
- EPSS 0.36%
- Veröffentlicht 02.02.2021 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:32:16
In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
CVE-2020-14221
- EPSS 0.34%
- Veröffentlicht 02.02.2021 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:53
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
CVE-2020-14255
- EPSS 0.32%
- Veröffentlicht 02.02.2021 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:55
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
CVE-2020-14223
- EPSS 0.36%
- Veröffentlicht 01.10.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:02:53
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.