Skip to main content

Hcl Leap

10 CVEs product

Monthly

CVE-2024-30127 LOW Monitor

Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
CVSS 3.1
3.2
EPSS
0.1%
CVE-2023-37516 LOW Monitor

Missing "no cache" headers in HCL Leap permits user directory information to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
CVSS 3.1
3.2
EPSS
0.1%
CVE-2022-44760 MEDIUM This Month

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Leap
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-44759 MEDIUM This Month

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-30147 MEDIUM This Month

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30114 LOW Monitor

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2024-30113 MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-45720 MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-37534 HIGH This Week

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-30148 MEDIUM This Month

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Hcl Leap
NVD
CVSS 3.1
4.1
EPSS
0.2%
EPSS 0% CVSS 3.2
LOW Monitor

Missing "no cache" headers in HCL Leap permits sensitive data to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Missing "no cache" headers in HCL Leap permits user directory information to be cached. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Leap
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Hcl Leap
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insufficient default configuration in HCL Leap allows anonymous access to directory information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Leap
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Leap
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Hcl Leap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy