Digital Experience Compose

digital_experience_compose

Vendor: Hcltech • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-21837 1Hcltech 2Digital Experience Digital Experience Compose Jun 10, 2026 Jun 5, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vu...Show more HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.Show less
CVE-2026-21826 1Hcltech 2Digital Experience Digital Experience Compose Jun 10, 2026 Jun 5, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
CVE-2026-21825 1Hcltech 2Digital Experience Digital Experience Compose Jun 10, 2026 Jun 5, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.