Primary

Context

HCL Leap Unsafe Default File Type Filter Policy Vulnerability Allowing Execution of Unsafe JavaScript

Vulnerability

Patched

A vulnerability exists in HCL Leap versions 9.0 through 9.3.8 due to an unsafe default file type filter policy. This flaw allows the execution of unsafe JavaScript in applications deployed through HCL Leap.

Impact

Exploitation of this vulnerability could lead to the execution of malicious JavaScript in deployed applications, potentially allowing for client-side script injection.

Remediation

Users can upgrade to HCL Leap version 9.3.8 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Leap Unsafe Default File Type Filter Policy Vulnerability Allowing Execution of Unsafe JavaScript

Vulnerability

Impact

Remediation

Affected Products

HCL Leap

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating