Skip to main content

Digital Experience

6 CVEs product

Monthly

CVE-2026-21837 HIGH This Week

OS command injection in HCL Digital Experience 9.5 allows authenticated remote attackers to execute arbitrary operating system commands through the Digital Asset Management API, inheriting the privileges of the application service account and potentially achieving full host takeover and data compromise. The CVSS 4.0 base score of 8.7 reflects high confidentiality, integrity, and availability impact over a network vector with low attack complexity and only low privileges required, though no public exploit identified at time of analysis. The vulnerability was disclosed by the vendor (HCL) and is tracked in ENISA's EUVD as EUVD-2026-34786.

Command Injection Digital Experience
NVD VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-62326 MEDIUM This Month

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. [CVSS 6.1 MEDIUM]

XSS Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-31988 MEDIUM Monitor

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-37538 MEDIUM PATCH This Month

HCL Digital Experience is susceptible to cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38653 MEDIUM This Month

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2020-14223 MEDIUM PATCH This Month

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 0% CVSS 8.7
HIGH This Week

OS command injection in HCL Digital Experience 9.5 allows authenticated remote attackers to execute arbitrary operating system commands through the Digital Asset Management API, inheriting the privileges of the application service account and potentially achieving full host takeover and data compromise. The CVSS 4.0 base score of 8.7 reflects high confidentiality, integrity, and availability impact over a network vector with low attack complexity and only low privileges required, though no public exploit identified at time of analysis. The vulnerability was disclosed by the vendor (HCL) and is tracked in ENISA's EUVD as EUVD-2026-34786.

Command Injection Digital Experience
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. [CVSS 6.1 MEDIUM]

XSS Digital Experience
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

HCL Digital Experience is susceptible to cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Digital Experience
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy