CVE-2026-21825
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
HCL Digital Experience Compose is affected by a reflected XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
Risk Assessment
Exploitation of this vulnerability could lead to user data theft or session hijacking. Organizations should be aware of the potential security threats to users.
Recommendation
It is recommended to update the software to the latest version and implement appropriate XSS filters and protections in the application.
Original NVD description (English source)
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.

