Hcltech: >> Digital Experience Compose >> 9.5 Security Vulnerabilities
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-06-05
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05