
CVE-2024-30113 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30113
24 Apr 2025 — Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30114 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30114
24 Apr 2025 — Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30147 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30147
24 Apr 2025 — Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-30148 – HCL Leap is affected by improper access control
https://notcve.org/view.php?id=CVE-2024-30148
24 Apr 2025 — Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-284: Improper Access Control

CVE-2024-42178 – HCL MyXalytics is affected by a failure to restrict URL access vulnerability
https://notcve.org/view.php?id=CVE-2024-42178
17 Apr 2025 — HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120502 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2024-42177 – HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities
https://notcve.org/view.php?id=CVE-2024-42177
17 Apr 2025 — HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120504 • CWE-326: Inadequate Encryption Strength

CVE-2024-42208 – HCL Connections is vulnerable to an information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-42208
04 Apr 2025 — HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-0278 – An internal path disclosure vulnerability affects HCL Traveler
https://notcve.org/view.php?id=CVE-2025-0278
03 Apr 2025 — HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120335 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2025-0279 – HCL Traveler is affected by generation of error messages containing sensitive information
https://notcve.org/view.php?id=CVE-2025-0279
03 Apr 2025 — HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120336 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2024-30155 – HCL SX is susceptible to cookie with Insecure, Improper, or Missing SameSite attribute vulnerability
https://notcve.org/view.php?id=CVE-2024-30155
26 Mar 2025 — HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via cross-site request forgery (CSRF). • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120110 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute