HCL Leap Client-Side Script Injection Vulnerability in the Authoring Environment

Vulnerability

A vulnerability in HCL Leap has been identified, allowing client-side script injection in the authoring environment due to insufficient sanitization. This issue could potentially be exploited to execute malicious scripts in the user's browser.

Impact

Exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, where an attacker injects malicious scripts that are executed in the context of the user's session.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Leap Client-Side Script Injection Vulnerability in the Authoring Environment

Vulnerability

Impact

Affected Products

HCL Leap

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating