HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center
CVE-2026-21825

6.1MEDIUM

Key Information:

Vendor: HCL Softwaresoftware
Status: Dx Compose
Vendor: CVE Published:; 5 June 2026

🔔 Create HCL Softwaresoftware Vulnerability Alert

What is CVE-2026-21825?

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

Affected Version(s)

DX Compose 9.5

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-21825 Data

JSON