HCL Leap HTML Widget Client-Side Script Injection Vulnerability

Vulnerability

A vulnerability exists in HCL Leap due to an inadequate sanitization policy, allowing client-side script injection in deployed applications via the HTML widget.

Impact

Exploitation of this vulnerability could lead to cross-site scripting (XSS) by injecting malicious scripts that are executed in the context of the user's browser.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Leap HTML Widget Client-Side Script Injection Vulnerability

Vulnerability

Impact

Affected Products

HCL Leap

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating