Hcltech Digital Experience — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Digital Experience, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-37538 — CVSS 9.3 (critical): HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an…
CVE-2026-21837 — CVSS 8.8 (high): HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute…
CVE-2020-14255 — CVSS 7.5 (high): HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted…
CVE-2026-21825 — CVSS 6.1 (medium): HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could…
CVE-2026-21826 — CVSS 6.1 (medium): HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the…
CVE-2020-14223 — CVSS 6.1 (medium): HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or…
CVE-2020-4081 — CVSS 6.1 (medium): In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).
CVE-2025-62326 — CVSS 6.1 (medium): HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require…
CVE-2020-14221 — CVSS 4.9 (medium): HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
CVE-2025-31988 — CVSS 4.9 (medium): HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.
CVE-2022-38653 — CVSS 2.0 (low): In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.