Filtered by vendor Hcltech
Subscriptions
Filtered by product Leap
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30147 | 1 Hcltech | 1 Leap | 2025-10-29 | 6.5 Medium |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | ||||
| CVE-2024-30114 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.7 Low |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | ||||
| CVE-2024-30113 | 1 Hcltech | 1 Leap | 2025-10-29 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2023-45720 | 1 Hcltech | 1 Leap | 2025-10-29 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2023-37534 | 1 Hcltech | 1 Leap | 2025-10-29 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | ||||
| CVE-2024-30127 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||
| CVE-2023-37516 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. | ||||
| CVE-2022-44760 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2022-44759 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.6 Medium |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | ||||
| CVE-2024-30148 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.1 Medium |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
Page 1 of 1.