CVE & Exploit Intelligence Database

CVE-2025-62326 6.1 MEDIUM EPSS 0.00

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

CWE-79 Feb 20, 2026

CVE-2025-31988 4.9 MEDIUM EPSS 0.00

HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access.

CWE-79 Aug 19, 2025

CVE-2023-37538 9.3 CRITICAL EPSS 0.00

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

CWE-79 Oct 11, 2023

CVE-2022-38653 2.0 LOW EPSS 0.00

In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.

CWE-79 Dec 19, 2022

CVE-2020-4081 6.1 MEDIUM EPSS 0.00

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS).

CWE-79 Feb 02, 2021

CVE-2020-14255 7.5 HIGH EPSS 0.00

HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.

Feb 02, 2021

CVE-2020-14221 4.9 MEDIUM EPSS 0.00

HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.

Feb 02, 2021

CVE-2020-14223 6.1 MEDIUM EPSS 0.00

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.

CWE-79 Oct 01, 2020