MEDIUM🇬🇧 English

CVE-2026-21826

CVSS 6.1v3.1pub. 2026-06-05upd. 2026-06-10

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Hcltech Digital Experience

    APP
    Hcltech
    9.5
  • Hcltech Digital Experience Compose

    APP
    Hcltech
    9.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-37538CRITICAL9.3ten sam produkt

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...

CVE-2026-21837HIGH8.7ten sam produkt

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management AP...

CVE-2020-14255HIGH7.5ten sam produkt

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized...

CVE-2026-21825MEDIUM6.1ten sam produkt

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the sear...

CVE-2025-62326MEDIUM6.1ten sam produkt

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interfac...