Vulnerabilities
Vulnerable Software
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-06-05
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05
HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface, which would require elevated privileges to exploit.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-20
HCL Digital Experience is susceptible to cross-site scripting (XSS) in an administrative UI with restricted access.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-08-19
HCL Digital Experience is susceptible to cross-site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
CVSS Score
9.3
EPSS Score
0.002
Published
2023-10-11
In HCL Digital Experience, a customized XSS payload can be constructed such that it is served in the application unencoded.
CVSS Score
2.0
EPSS Score
0.004
Published
2022-12-19
In Digital Experience 8.5, 9.0, and 9.5, the WSRP consumer is vulnerable to cross-site scripting (XSS).
CVSS Score
6.1
EPSS Score
0.004
Published
2021-02-02
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
CVSS Score
4.9
EPSS Score
0.003
Published
2021-02-02
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-02-02

