How to fix CVE-2024-30114?

During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.

Is Hcl Leap affected by CVE-2024-30114?

CVE-2024-30114 is a low-severity vulnerability in Insufficient sanitization in HCL Leap involving cross-site scripting (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Hcl Leap CVE-2024-30114

LOW

Cross-site Scripting (XSS) (CWE-79)

2025-04-24 [email protected]

XSS Hcl Leap

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:38 vuln.today

CVE Published

Apr 24, 2025 - 17:15 nvd

LOW 3.7

DescriptionNVD

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.

AnalysisAI

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. Affected products include: Hcltech Hcl Leap.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-30114 vulnerability details – vuln.today

Back