CVE-2026-21825 (GCVE-0-2026-21825)
Vulnerability from cvelistv5 – Published: 2026-06-05 06:03 – Updated: 2026-06-09 14:38
VLAI
Title
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center
Summary
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | DX Compose |
Affected:
9.5
|
Date Public
2026-06-05 05:37
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:28:16.871212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:38:04.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DX Compose",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "9.5"
}
]
}
],
"datePublic": "2026-06-05T05:37:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\u0026nbsp; An attacker could execute arbitrary JavaScript in the victim\u0027s browser."
}
],
"value": "HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\u00a0 An attacker could execute arbitrary JavaScript in the victim\u0027s browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T06:03:11.053Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130849"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-21825",
"datePublished": "2026-06-05T06:03:11.053Z",
"dateReserved": "2026-01-05T16:08:22.254Z",
"dateUpdated": "2026-06-09T14:38:04.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-21825",
"date": "2026-06-13",
"epss": "0.00033",
"percentile": "0.10049"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21825\",\"sourceIdentifier\":\"psirt@hcl.com\",\"published\":\"2026-06-05T07:16:29.707\",\"lastModified\":\"2026-06-10T19:24:05.453\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\u00a0 An attacker could execute arbitrary JavaScript in the victim\u0027s browser.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"psirt@hcl.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA10D3C3-C284-4880-AC26-BBB7DB38A23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B6A0A6-CBC8-42B3-9718-4B9F668CB9A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225:*:*:*:*:*:*\",\"matchCriteriaId\":\"2700CD74-E4D8-4FE6-89B2-55043A11F71E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFB9AFA0-C510-4AFA-800B-FC356E2CD60E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED000717-515A-404F-8CD7-015391857A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE748ED-402C-40CF-9913-CA3398B39DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF2E7C7C-47CE-4216-8019-D3EDA5835104\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230:*:*:*:*:*:*\",\"matchCriteriaId\":\"45417D1B-D339-409C-8E28-E939F118BCD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B7631B4-7C09-4FB7-A3DD-81A681BBACC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9442342-3542-49C8-B01E-D69E4D3FFAD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F0272C6-012C-4DB2-BAF5-461B3D4EE588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9E3C55-054D-48C7-BCEC-8E1540317C7F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7726847-A415-4C5B-9997-67DDA48381D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf17:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E93476-E767-4F67-88B2-790555132DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf171:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E86C441-38FC-46D2-BC76-E241C6F25682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf172:*:*:*:*:*:*\",\"matchCriteriaId\":\"95B210EB-3C1F-48E2-97A3-BC33BCA5613E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf173:*:*:*:*:*:*\",\"matchCriteriaId\":\"37E8CE4C-60AF-4501-B2A8-887D894A83E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf18:*:*:*:*:*:*\",\"matchCriteriaId\":\"077ACEC7-4FB3-4546-B25C-27FF87E744E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf181:*:*:*:*:*:*\",\"matchCriteriaId\":\"5987539C-F1E2-4DA4-A94D-56B49E1A89C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf182:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4769476-6D01-407E-8DD5-15AE47F15A19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf183:*:*:*:*:*:*\",\"matchCriteriaId\":\"209F0AD7-CB0F-4888-83C4-935167CD8A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf184:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4E0077-3EE3-4F45-9D0D-9F2F7F06A21A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf19:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A643F55-D3C0-4681-832F-64D091EECA0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf191:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5E3A637-FBCE-4EA7-8BE7-662F19219C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf192:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCA57208-8F6D-4110-8A95-0D8AC9DE25F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf193:*:*:*:*:*:*\",\"matchCriteriaId\":\"02E5D3F6-DB54-4193-9884-81654CF85293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf194:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39D31A9-04D2-4E2D-A1F9-F67610CEF425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf195:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2474A59-CF18-49CC-8B26-C40B31D521DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf196:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDDACE6E-8A8F-4F37-A159-288E4CA3FA23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf197:*:*:*:*:*:*\",\"matchCriteriaId\":\"4956E2A0-7519-4CF1-AA23-25F1E75C4704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf198:*:*:*:*:*:*\",\"matchCriteriaId\":\"053D3981-2629-41B1-937E-76C44C94F412\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf199:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE0278A5-9F19-40E5-A2D9-AFFB9D621AEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf200:*:*:*:*:*:*\",\"matchCriteriaId\":\"89668531-4116-4B30-B921-89CE1AFAB5AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf201:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E9720DF-C28B-4E52-B1F1-6CB15DB7570B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf202:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE04EFCC-AADF-444F-97F6-8C7EA38E9810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf203:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9C8052E-06F3-4D71-86D2-CAC7DD641406\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf204:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B4C6DE0-FA68-4F34-8D8D-E8A2EF0BF986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf205:*:*:*:*:*:*\",\"matchCriteriaId\":\"698363E8-98C1-4945-926D-439909962E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf206:*:*:*:*:*:*\",\"matchCriteriaId\":\"D39092E3-98FC-4335-9D90-C8C34A6B20B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf207:*:*:*:*:*:*\",\"matchCriteriaId\":\"B34E56EF-CACF-4B94-A6D8-FD59F9B903F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf208:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F877C3F-7DEA-48C0-A1BD-59CE32F25CE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf209:*:*:*:*:*:*\",\"matchCriteriaId\":\"13338A64-8125-4CF0-9E20-13447AF40C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf210:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EA6F232-73A9-4AD5-A4B3-57E5A87F21AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf211:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7FFF566-E918-40B4-8489-1A493D644485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf212:*:*:*:*:*:*\",\"matchCriteriaId\":\"154CBFD6-E92F-4014-8BC9-5E0276DFEFAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf213:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EA08207-8052-459B-87E5-FD85975150F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf214:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7E3274E-0A91-486A-9BE1-D08053940E08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf215:*:*:*:*:*:*\",\"matchCriteriaId\":\"18C33615-3520-4F57-9592-783FBFF09B01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf216:*:*:*:*:*:*\",\"matchCriteriaId\":\"76D963EF-2E05-4492-8C57-D9D80F8ECBCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf217:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D3AA63E-1687-43DB-B4BE-17C747057494\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf218:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B5E6EAC-B190-4338-A851-B734EB885C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf219:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DB5EF9A-55BF-4D33-96B6-D12414C73706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf220:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8F24E20-3513-4DB4-BB03-D80D6B9EE6B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf221:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1B2E02E-BAEA-4F94-ACB5-4BC03DEB642E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf222:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F63C4AF-7730-4430-96E2-15DC2D89E5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf223:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06BD8F5-4BDD-4F47-BD22-91DFAD20D03A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf224:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B3FEBF7-FA66-4A86-A76B-023F99B7E2E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf225:*:*:*:*:*:*\",\"matchCriteriaId\":\"1683A002-768A-49F8-9724-00F755DB7913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf226:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFA28CF4-F7A5-40F7-96EC-12112EA5E8FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf227:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3030B5-491F-4EFD-8F83-B17AF4915860\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf228:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FA43DC4-DE70-4B25-BE19-02E5911849A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf229:*:*:*:*:*:*\",\"matchCriteriaId\":\"064C3181-01AA-4128-845B-278364199887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf230:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2DA489-C5B8-4C6A-931F-4B2C6022733C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf231:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CEB2C47-4CE4-46B7-A332-E20B1F079140\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf232:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F149D74-1AFB-415D-892D-BA10DAE6221E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf233:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3DED888-8B7B-4AFF-8577-B0F57F30035C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hcltech:digital_experience:9.5:cf234:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E4A7EF6-1954-426A-A8B1-F0D57E2CCCBA\"}]}]}],\"references\":[{\"url\":\"https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130849\",\"source\":\"psirt@hcl.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21825\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-09T13:28:16.871212Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-09T13:28:20.632Z\"}}], \"cna\": {\"title\": \"HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCLSoftware\", \"product\": \"DX Compose\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.5\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-06-05T05:37:00.000Z\", \"references\": [{\"url\": \"https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130849\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\\u00a0 An attacker could execute arbitrary JavaScript in the victim\u0027s browser.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\u0026nbsp; An attacker could execute arbitrary JavaScript in the victim\u0027s browser.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2026-06-05T06:03:11.053Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21825\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-09T14:38:04.092Z\", \"dateReserved\": \"2026-01-05T16:08:22.254Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2026-06-05T06:03:11.053Z\", \"assignerShortName\": \"HCL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…