| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications. |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. |
| Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications. |
| Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications. |
| Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment. |
| Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget. |
| Insufficient default configuration in HCL Leap
allows anonymous access to directory information. |
| Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters. |
| Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem. |
| HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. |
| Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications. |
| Insufficient default configuration in HCL Leap
allows anonymous access to directory information. |
| Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget. |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications |
| Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications. |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. |
| Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters. |
| HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. |
