Hcltech: >> Hcl Leap >> 9.2 Security Vulnerabilities
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-24
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-24
Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-04-24
Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-04-24
Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-04-24
Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-24
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-24
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-04-24
Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-04-24
Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-04-24
Page 1