CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37516 – HCL Leap is affected by missing "no cache" headers
https://notcve.org/view.php?id=CVE-2023-37516
24 Apr 2025 — Missing "no cache" headers in HCL Leap permits user directory information to be cached. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30127 – HCL Leap is affected by missing "no cache" headers
https://notcve.org/view.php?id=CVE-2024-30127
24 Apr 2025 — Missing "no cache" headers in HCL Leap permits sensitive data to be cached. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37534 – HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-37534
24 Apr 2025 — Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45720 – HCL Leap is affected by a disclosure of private personal information vulnerability
https://notcve.org/view.php?id=CVE-2023-45720
24 Apr 2025 — Insufficient default configuration in HCL Leap allows anonymous access to directory information. Insufficient default configuration in HCL Leap allows anonymous access to directory information. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30113 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30113
24 Apr 2025 — Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30114 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30114
24 Apr 2025 — Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30147 – HCL Leap is affected by a cross-site scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30147
24 Apr 2025 — Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30148 – HCL Leap is affected by improper access control
https://notcve.org/view.php?id=CVE-2024-30148
24 Apr 2025 — Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900 • CWE-284: Improper Access Control •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38657 – An open redirect to malicious sites affects HCL Leap
https://notcve.org/view.php?id=CVE-2022-38657
02 Feb 2023 — An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097201 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •