Client-Side Script Injection in HCL Leap by HCL Technologies
CVE-2024-30147

6.5MEDIUM

Key Information:

Vendor: HCL Software Software
Status: HCL Software Leap
Vendor: CVE Published:; 24 April 2025

Summary

A vulnerability in HCL Leap allows attackers to inject malicious scripts into the authoring environment and deployed applications, posing significant risks to user data integrity and application security. This client-side script injection can be exploited through multiple vectors, making it essential for users to apply the latest updates to mitigate risks.

Affected Version(s)

HCL Leap < 9.3.8

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Mar 22, 2024