Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

digital_experience_compose

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-21825
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.78%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 06:03
Updated-10 Jun, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An attacker could execute arbitrary JavaScript in the victim's browser.

Action-Not Available
Vendor-HCLSoftwareHCL Technologies Ltd.
Product-digital_experiencedigital_experience_composeDX Compose
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-21826
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.90%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 05:58
Updated-10 Jun, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection.  An attacker can manipulate the Host header and cause the application to behave in unexpected ways.

Action-Not Available
Vendor-HCLSoftwareHCL Technologies Ltd.
Product-digital_experiencedigital_experience_composeDigital Experience & DX Compose
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-21837
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-8.7||HIGH
EPSS-0.46% / 64.35%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 05:50
Updated-10 Jun, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.

Action-Not Available
Vendor-HCLSoftwareHCL Technologies Ltd.
Product-digital_experiencedigital_experience_composeDigital Experience
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')