Client-side Script Injection Vulnerability in HCL Leap
CVE-2022-44759
4.6MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Leap
- Vendor
- CVE Published:
- 24 April 2025
Summary
This vulnerability arises from the inadequate sanitization of SVG files within HCL Leap. An attacker could exploit this flaw to inject malicious client-side scripts into applications deployed using HCL Leap, potentially compromising user data and application integrity. It is crucial for organizations using HCL Leap to implement immediate security measures to mitigate this risk and safeguard their applications from potential exploitation.
Affected Version(s)
HCL Leap 9.0 - 9.3
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved