FKIE_CVE-2026-21825

Vulnerability from fkie_nvd - Published: 2026-06-05 07:16 - Updated: 2026-06-10 19:24
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An attacker could execute arbitrary JavaScript in the victim's browser.
References
psirt@hcl.comhttps://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849Vendor Advisory
Impacted products
Vendor Product Version
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience_compose 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
hcltech digital_experience 9.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "EA10D3C3-C284-4880-AC26-BBB7DB38A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224:*:*:*:*:*:*",
              "matchCriteriaId": "B1B6A0A6-CBC8-42B3-9718-4B9F668CB9A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225:*:*:*:*:*:*",
              "matchCriteriaId": "2700CD74-E4D8-4FE6-89B2-55043A11F71E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226:*:*:*:*:*:*",
              "matchCriteriaId": "AFB9AFA0-C510-4AFA-800B-FC356E2CD60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227:*:*:*:*:*:*",
              "matchCriteriaId": "ED000717-515A-404F-8CD7-015391857A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228:*:*:*:*:*:*",
              "matchCriteriaId": "EDE748ED-402C-40CF-9913-CA3398B39DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229:*:*:*:*:*:*",
              "matchCriteriaId": "BF2E7C7C-47CE-4216-8019-D3EDA5835104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230:*:*:*:*:*:*",
              "matchCriteriaId": "45417D1B-D339-409C-8E28-E939F118BCD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231:*:*:*:*:*:*",
              "matchCriteriaId": "2B7631B4-7C09-4FB7-A3DD-81A681BBACC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232:*:*:*:*:*:*",
              "matchCriteriaId": "E9442342-3542-49C8-B01E-D69E4D3FFAD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233:*:*:*:*:*:*",
              "matchCriteriaId": "7F0272C6-012C-4DB2-BAF5-461B3D4EE588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234:*:*:*:*:*:*",
              "matchCriteriaId": "7A9E3C55-054D-48C7-BCEC-8E1540317C7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "B7726847-A415-4C5B-9997-67DDA48381D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf17:*:*:*:*:*:*",
              "matchCriteriaId": "79E93476-E767-4F67-88B2-790555132DD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf171:*:*:*:*:*:*",
              "matchCriteriaId": "3E86C441-38FC-46D2-BC76-E241C6F25682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf172:*:*:*:*:*:*",
              "matchCriteriaId": "95B210EB-3C1F-48E2-97A3-BC33BCA5613E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf173:*:*:*:*:*:*",
              "matchCriteriaId": "37E8CE4C-60AF-4501-B2A8-887D894A83E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf18:*:*:*:*:*:*",
              "matchCriteriaId": "077ACEC7-4FB3-4546-B25C-27FF87E744E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf181:*:*:*:*:*:*",
              "matchCriteriaId": "5987539C-F1E2-4DA4-A94D-56B49E1A89C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf182:*:*:*:*:*:*",
              "matchCriteriaId": "B4769476-6D01-407E-8DD5-15AE47F15A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf183:*:*:*:*:*:*",
              "matchCriteriaId": "209F0AD7-CB0F-4888-83C4-935167CD8A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf184:*:*:*:*:*:*",
              "matchCriteriaId": "5B4E0077-3EE3-4F45-9D0D-9F2F7F06A21A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf19:*:*:*:*:*:*",
              "matchCriteriaId": "0A643F55-D3C0-4681-832F-64D091EECA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf191:*:*:*:*:*:*",
              "matchCriteriaId": "E5E3A637-FBCE-4EA7-8BE7-662F19219C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf192:*:*:*:*:*:*",
              "matchCriteriaId": "DCA57208-8F6D-4110-8A95-0D8AC9DE25F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf193:*:*:*:*:*:*",
              "matchCriteriaId": "02E5D3F6-DB54-4193-9884-81654CF85293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf194:*:*:*:*:*:*",
              "matchCriteriaId": "B39D31A9-04D2-4E2D-A1F9-F67610CEF425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf195:*:*:*:*:*:*",
              "matchCriteriaId": "C2474A59-CF18-49CC-8B26-C40B31D521DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf196:*:*:*:*:*:*",
              "matchCriteriaId": "DDDACE6E-8A8F-4F37-A159-288E4CA3FA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf197:*:*:*:*:*:*",
              "matchCriteriaId": "4956E2A0-7519-4CF1-AA23-25F1E75C4704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf198:*:*:*:*:*:*",
              "matchCriteriaId": "053D3981-2629-41B1-937E-76C44C94F412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf199:*:*:*:*:*:*",
              "matchCriteriaId": "FE0278A5-9F19-40E5-A2D9-AFFB9D621AEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf200:*:*:*:*:*:*",
              "matchCriteriaId": "89668531-4116-4B30-B921-89CE1AFAB5AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf201:*:*:*:*:*:*",
              "matchCriteriaId": "0E9720DF-C28B-4E52-B1F1-6CB15DB7570B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf202:*:*:*:*:*:*",
              "matchCriteriaId": "CE04EFCC-AADF-444F-97F6-8C7EA38E9810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf203:*:*:*:*:*:*",
              "matchCriteriaId": "F9C8052E-06F3-4D71-86D2-CAC7DD641406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf204:*:*:*:*:*:*",
              "matchCriteriaId": "0B4C6DE0-FA68-4F34-8D8D-E8A2EF0BF986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf205:*:*:*:*:*:*",
              "matchCriteriaId": "698363E8-98C1-4945-926D-439909962E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf206:*:*:*:*:*:*",
              "matchCriteriaId": "D39092E3-98FC-4335-9D90-C8C34A6B20B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf207:*:*:*:*:*:*",
              "matchCriteriaId": "B34E56EF-CACF-4B94-A6D8-FD59F9B903F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf208:*:*:*:*:*:*",
              "matchCriteriaId": "5F877C3F-7DEA-48C0-A1BD-59CE32F25CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf209:*:*:*:*:*:*",
              "matchCriteriaId": "13338A64-8125-4CF0-9E20-13447AF40C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf210:*:*:*:*:*:*",
              "matchCriteriaId": "6EA6F232-73A9-4AD5-A4B3-57E5A87F21AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf211:*:*:*:*:*:*",
              "matchCriteriaId": "B7FFF566-E918-40B4-8489-1A493D644485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf212:*:*:*:*:*:*",
              "matchCriteriaId": "154CBFD6-E92F-4014-8BC9-5E0276DFEFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf213:*:*:*:*:*:*",
              "matchCriteriaId": "6EA08207-8052-459B-87E5-FD85975150F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf214:*:*:*:*:*:*",
              "matchCriteriaId": "C7E3274E-0A91-486A-9BE1-D08053940E08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf215:*:*:*:*:*:*",
              "matchCriteriaId": "18C33615-3520-4F57-9592-783FBFF09B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf216:*:*:*:*:*:*",
              "matchCriteriaId": "76D963EF-2E05-4492-8C57-D9D80F8ECBCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf217:*:*:*:*:*:*",
              "matchCriteriaId": "5D3AA63E-1687-43DB-B4BE-17C747057494",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf218:*:*:*:*:*:*",
              "matchCriteriaId": "0B5E6EAC-B190-4338-A851-B734EB885C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf219:*:*:*:*:*:*",
              "matchCriteriaId": "9DB5EF9A-55BF-4D33-96B6-D12414C73706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf220:*:*:*:*:*:*",
              "matchCriteriaId": "E8F24E20-3513-4DB4-BB03-D80D6B9EE6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf221:*:*:*:*:*:*",
              "matchCriteriaId": "E1B2E02E-BAEA-4F94-ACB5-4BC03DEB642E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf222:*:*:*:*:*:*",
              "matchCriteriaId": "8F63C4AF-7730-4430-96E2-15DC2D89E5B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf223:*:*:*:*:*:*",
              "matchCriteriaId": "E06BD8F5-4BDD-4F47-BD22-91DFAD20D03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf224:*:*:*:*:*:*",
              "matchCriteriaId": "6B3FEBF7-FA66-4A86-A76B-023F99B7E2E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf225:*:*:*:*:*:*",
              "matchCriteriaId": "1683A002-768A-49F8-9724-00F755DB7913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf226:*:*:*:*:*:*",
              "matchCriteriaId": "FFA28CF4-F7A5-40F7-96EC-12112EA5E8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf227:*:*:*:*:*:*",
              "matchCriteriaId": "EB3030B5-491F-4EFD-8F83-B17AF4915860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf228:*:*:*:*:*:*",
              "matchCriteriaId": "8FA43DC4-DE70-4B25-BE19-02E5911849A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf229:*:*:*:*:*:*",
              "matchCriteriaId": "064C3181-01AA-4128-845B-278364199887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf230:*:*:*:*:*:*",
              "matchCriteriaId": "0A2DA489-C5B8-4C6A-931F-4B2C6022733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf231:*:*:*:*:*:*",
              "matchCriteriaId": "0CEB2C47-4CE4-46B7-A332-E20B1F079140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf232:*:*:*:*:*:*",
              "matchCriteriaId": "8F149D74-1AFB-415D-892D-BA10DAE6221E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf233:*:*:*:*:*:*",
              "matchCriteriaId": "F3DED888-8B7B-4AFF-8577-B0F57F30035C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:cf234:*:*:*:*:*:*",
              "matchCriteriaId": "2E4A7EF6-1954-426A-A8B1-F0D57E2CCCBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.\u00a0 An attacker could execute arbitrary JavaScript in the victim\u0027s browser."
    }
  ],
  "id": "CVE-2026-21825",
  "lastModified": "2026-06-10T19:24:05.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-06-05T07:16:29.707",
  "references": [
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130849"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@hcl.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.