CVE-2026-21825

Published: Jun 5, 2026Modified: Jun 10, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: psirt@hcl.com (Secondary)

Description

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

Affected (67)

Products: Hcltech: Digital Experience Compose, Digital Experience

Hcltech

2 products

Digital Experience Compose

Digital Experience

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Hcltech Digital Experience Compose	Version 9.5
Hcltech Digital Experience Compose	Version 9.5 cf224
Hcltech Digital Experience Compose	Version 9.5 cf225
Hcltech Digital Experience Compose	Version 9.5 cf226
Hcltech Digital Experience Compose	Version 9.5 cf227
Hcltech Digital Experience Compose	Version 9.5 cf228
Hcltech Digital Experience Compose	Version 9.5 cf229
Hcltech Digital Experience Compose	Version 9.5 cf230
Hcltech Digital Experience Compose	Version 9.5 cf231
Hcltech Digital Experience Compose	Version 9.5 cf232
Hcltech Digital Experience Compose	Version 9.5 cf233
Hcltech Digital Experience Compose	Version 9.5 cf234

Configuration B

55 vulnerable

Vulnerable Software	Affected Versions
Hcltech Digital Experience	Version 9.5
Hcltech Digital Experience	Version 9.5 cf171
Hcltech Digital Experience	Version 9.5 cf172
Hcltech Digital Experience	Version 9.5 cf173
Hcltech Digital Experience	Version 9.5 cf17
Hcltech Digital Experience	Version 9.5 cf181
Hcltech Digital Experience	Version 9.5 cf182
Hcltech Digital Experience	Version 9.5 cf183
Hcltech Digital Experience	Version 9.5 cf184
Hcltech Digital Experience	Version 9.5 cf18
Hcltech Digital Experience	Version 9.5 cf191
Hcltech Digital Experience	Version 9.5 cf192
Hcltech Digital Experience	Version 9.5 cf193
Hcltech Digital Experience	Version 9.5 cf194
Hcltech Digital Experience	Version 9.5 cf195
Hcltech Digital Experience	Version 9.5 cf196
Hcltech Digital Experience	Version 9.5 cf197
Hcltech Digital Experience	Version 9.5 cf198
Hcltech Digital Experience	Version 9.5 cf199
Hcltech Digital Experience	Version 9.5 cf19
Hcltech Digital Experience	Version 9.5 cf200
Hcltech Digital Experience	Version 9.5 cf201
Hcltech Digital Experience	Version 9.5 cf202
Hcltech Digital Experience	Version 9.5 cf203
Hcltech Digital Experience	Version 9.5 cf204
Hcltech Digital Experience	Version 9.5 cf205
Hcltech Digital Experience	Version 9.5 cf206
Hcltech Digital Experience	Version 9.5 cf207
Hcltech Digital Experience	Version 9.5 cf208
Hcltech Digital Experience	Version 9.5 cf209
Hcltech Digital Experience	Version 9.5 cf210
Hcltech Digital Experience	Version 9.5 cf211
Hcltech Digital Experience	Version 9.5 cf212
Hcltech Digital Experience	Version 9.5 cf213
Hcltech Digital Experience	Version 9.5 cf214
Hcltech Digital Experience	Version 9.5 cf215
Hcltech Digital Experience	Version 9.5 cf216
Hcltech Digital Experience	Version 9.5 cf217
Hcltech Digital Experience	Version 9.5 cf218
Hcltech Digital Experience	Version 9.5 cf219
Hcltech Digital Experience	Version 9.5 cf220
Hcltech Digital Experience	Version 9.5 cf221
Hcltech Digital Experience	Version 9.5 cf222
Hcltech Digital Experience	Version 9.5 cf223
Hcltech Digital Experience	Version 9.5 cf224
Hcltech Digital Experience	Version 9.5 cf225
Hcltech Digital Experience	Version 9.5 cf226
Hcltech Digital Experience	Version 9.5 cf227
Hcltech Digital Experience	Version 9.5 cf228
Hcltech Digital Experience	Version 9.5 cf229
Hcltech Digital Experience	Version 9.5 cf230
Hcltech Digital Experience	Version 9.5 cf231
Hcltech Digital Experience	Version 9.5 cf232
Hcltech Digital Experience	Version 9.5 cf233
Hcltech Digital Experience	Version 9.5 cf234

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849

Source: psirt@hcl.com

Vendor Advisory

Timeline

No history available yet.