HCL Leap Client-Side Script Injection Vulnerability

Vulnerability

A vulnerability allowing client-side script injection has been identified in HCL Leap. This issue arises in both the authoring environment and deployed applications, through multiple vectors that permit the injection of scripts that are executed on the client side.

Impact

Exploitation of this vulnerability could lead to unauthorized script execution in the user's browser, potentially allowing for cross-site scripting (XSS) attacks or other malicious activities that could be performed through injected scripts.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

1.7

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Leap Client-Side Script Injection Vulnerability

Vulnerability

Impact

Affected Products

HCL Leap

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating