Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hcltech
Filtered by product Hcl Leap
Angry Yack Logo
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-30127 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.2 LOW
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVE-2022-44759 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.6 MEDIUM
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
CVE-2023-37516 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.2 LOW
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
CVE-2022-44760 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.6 MEDIUM
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
CVE-2024-30147 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 6.5 MEDIUM
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
CVE-2024-30114 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.7 LOW
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
CVE-2024-30113 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 6.3 MEDIUM
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2023-45720 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 5.3 MEDIUM
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2023-37534 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 7.1 HIGH
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVE-2024-30148 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.1 MEDIUM
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVE-2022-38657 1 Hcltech 1 Hcl Leap 2025-03-26 N/A 8.2 HIGH
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page.