CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description (NVD)
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
Analysis (AI)
Host header injection in HCL Digital Experience and HCL Digital Experience Compose means the application trusts the client-supplied HTTP Host header when it builds URLs. An unauthenticated remote attacker who sends an attacker-chosen Host value can therefore make the application emit redirect URLs that point at an attacker-controlled domain, a classic open redirect primitive (CWE-601) consistent with the page's Open Redirect tag. The CVSS 6.1 score reflects Changed scope (S:C): the impact lands in the victim's browser rather than in the vulnerable component itself, with low confidentiality and integrity impact consistent with phishing and session-hijacking abuse. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Area | Assessment |
|---|---|
| Exploitation | User interaction is required (CVSS UI:R): the victim must follow a link or otherwise act on a response the attacker has influenced. Note that a browser derives the Host header from the URL it requests, so an attacker cannot put an arbitrary Host value into a victim's request just by sending a link; the attacker-chosen value has to enter the victim's path through the application or its front-end, for example in a response or server-generated link that was built from the attacker's own request. The advisory does not state which delivery path applies here. … |
| Risk Assessment | The CVSS 6.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) describes a remotely exploitable, low-complexity attack requiring no privileges, but the user-interaction requirement (UI:R) is a meaningful limiting factor that reduces the risk of automated mass exploitation. … |
| Exploit Scenario | An attacker sends a request to the target organization's HCL Digital Experience portal with the HTTP Host header (or an equivalent forwarded-host header, where the front-end honours one) set to an attacker-controlled domain. If the application builds its redirect target from that header, the resulting Location points at the attacker's site. Delivered to an enterprise user, for instance through a phishing email whose link lands on the poisoned redirect, the victim, believing they are interacting with a trusted internal portal, may submit credentials or be served malware. … |
| Remediation | Consult the HCL vendor advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849 for patched release versions and upgrade instructions; no specific fixed version number is confirmed from the data available for this analysis. As a generic compensating control for Host header injection (not an HCL-specific workaround from the advisory), configure the front-end web server or reverse proxy to accept only the expected Host values and to reject or rewrite anything else before it reaches the application. … |
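To make the mechanism in the analysis and assessment above concrete, here is an added example (constructed for this page; it is not HCL Digital Experience code, and the hostnames, allowlist and the `/wps/portal` path are hypothetical). It shows the vulnerable pattern, a redirect target assembled from the client's Host or X-Forwarded-Host header, next to a hardened builder that only trusts an allowlisted hostname and refuses protocol-relative paths, plus the probe check a tester uses to tell the two apart: send a request with an attacker-chosen Host and see whether it is reflected in Location.

```python
"""Host-header-derived redirect: vulnerable builder, hardened builder, and a
probe that distinguishes them. Constructed example; not HCL Digital
Experience code. Hostnames, paths and the allowlist are hypothetical."""
from urllib.parse import urlsplit

# Hypothetical deployment configuration: the hostnames this portal legitimately
# answers for, and the origin to fall back to when the request's Host is not
# one of them.
ALLOWED_HOSTNAMES = {"portal.example.com", "portal-int.example.com"}
CANONICAL_ORIGIN = "https://portal.example.com"


def _hostname_only(raw_host: str) -> str:
    """Strip any :port from a Host value and lower-case it.
    urlsplit handles bracketed IPv6 literals and userinfo for us."""
    return (urlsplit("//" + raw_host).hostname or "").lower()


def vulnerable_redirect_location(headers: dict, path: str) -> str:
    """The pattern a Host header injection abuses: the absolute redirect
    target is assembled from whatever Host (or X-Forwarded-Host, a common
    variant) the client sent, with no validation."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}{path}"


def hardened_redirect_location(headers: dict, path: str) -> str:
    """Trust the client's Host only when its hostname is on the allowlist,
    otherwise use the configured canonical origin. The path is forced to be
    origin-relative so //evil.example or /\\evil.example cannot turn the
    result into a protocol-relative URL."""
    hostname = _hostname_only(headers.get("Host", ""))
    origin = f"https://{hostname}" if hostname in ALLOWED_HOSTNAMES else CANONICAL_ORIGIN
    if not path.startswith("/") or path[1:2] in ("/", "\\"):
        path = "/"
    return origin + path


def host_is_reflected(spoofed_host: str, location: str) -> bool:
    """Probe check: does the authority in the Location header match the host
    we injected? Ports and case are ignored on both sides."""
    return _hostname_only(urlsplit(location).netloc) == _hostname_only(spoofed_host)


def probe(builder, spoofed_host: str, path: str = "/wps/portal") -> bool:
    """Simulate one probe request (constructed headers, no network) against a
    redirect builder and report whether the spoofed Host is reflected."""
    request_headers = {"Host": spoofed_host}
    return host_is_reflected(spoofed_host, builder(request_headers, path))


if __name__ == "__main__":
    for name, builder in (("vulnerable", vulnerable_redirect_location),
                          ("hardened", hardened_redirect_location)):
        print(f"{name}: Host reflected in Location = {probe(builder, 'evil.example')}")
```

Against a live target the same check is an HTTP request with a modified Host (and, separately, X-Forwarded-Host) header followed by a comparison of the Location header's authority with the value sent; a reflected value is the finding, and a reflected value that survives in a cache or in a server-generated link is what turns it into a victim-facing open redirect.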
Related identifiers
EUVD-2026-34787
GHSA-xg6r-cjq3-qmj5