CVE Catalog

CVE-2026-21825

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

HCL Digital Experience Compose is affected by a reflected XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

Risk Assessment

Exploitation of this vulnerability could lead to user data theft or session hijacking. Organizations should be aware of the potential security threats to users.

Recommendation

It is recommended to update the software to the latest version and implement appropriate XSS filters and protections in the application.

Original NVD description (English source)

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An attacker could execute arbitrary JavaScript in the victim's browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS