This page lists publicly disclosed CVE vulnerabilities affecting hcltech hcl_leap (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-30127 | Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | [email protected] | 3.2 | 0.06% | 2025-04-24 | 2025-11-17 |
| CVE-2023-37516 | Missing "no cache" headers in HCL Leap permits user directory information to be cached. | [email protected] | 3.2 | 0.06% | 2025-04-24 | 2025-11-17 |
| CVE-2022-44760 | Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | [email protected] | 4.6 | 0.47% | 2025-04-24 | 2025-11-17 |
| CVE-2022-44759 | Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | [email protected] | 4.6 | 0.31% | 2025-04-24 | 2025-11-17 |
| CVE-2024-30147 | Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | [email protected] | 6.5 | 0.43% | 2025-04-24 | 2025-11-17 |
| CVE-2024-30114 | Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | [email protected] | 3.7 | 0.13% | 2025-04-24 | 2025-11-17 |
| CVE-2024-30113 | Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | [email protected] | 6.3 | 0.18% | 2025-04-24 | 2025-11-17 |
| CVE-2023-45720 | Insufficient default configuration in HCL Leap allows anonymous access to directory information. | [email protected] | 5.3 | 0.53% | 2025-04-24 | 2025-11-17 |
| CVE-2023-37534 | Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | [email protected] | 7.1 | 0.39% | 2025-04-24 | 2025-11-17 |
| CVE-2024-30148 | Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | [email protected] | 4.1 | 0.06% | 2025-04-24 | 2025-11-17 |
| CVE-2022-38657 | An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | [email protected] | 8.2 | 0.13% | 2023-02-12 | 2025-03-26 |