Client-Side Script Injection Vulnerability in HCL Leap by HCL Technologies
CVE-2024-30114

3.7 LOW

Key Information:

Vendor
HCL Software Software
Status
HCL Software Leap
Vendor
CVE Published: 24 April 2025

Summary

A vulnerability has been identified in HCL Leap that allows for client-side script injection due to insufficient sanitization measures within the authoring environment. This flaw could potentially enable attackers to execute arbitrary scripts within the context of the application, compromising the security and integrity of user data.

Affected Version(s)

HCL Leap < 9.3.6

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved