CVE-2026-21825

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-21825
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center.  An attacker could execute arbitrary JavaScript in the victim's browser.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hcltech:digital_experience_compose:9.5:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:hcltech:digital_experience:9.5:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf17:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf171:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf172:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf173:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf18:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf181:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf182:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf183:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf184:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf19:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf191:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf192:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf193:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf194:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf195:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf196:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf197:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf198:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf199:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf200:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf201:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf202:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf203:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf204:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf205:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf206:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf207:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf208:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf209:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf210:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf211:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf212:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf213:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf214:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf215:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf216:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf217:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf218:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf219:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf220:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf221:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf222:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf223:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf224:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf225:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf226:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf227:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf228:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf229:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf230:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf231:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf232:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf233:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf234:*:*:*:*:*:*
History

10 Jun 2026, 19:24

Type Values Removed Values Added
CPE cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf224:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf224:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf220:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf197:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf212:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf228:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf202:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf191:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:-:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf229:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf18:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf232:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf204:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf228:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf207:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf219:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf226:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf214:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf198:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf203:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf201:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf171:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf192:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf230:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf199:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf206:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf213:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf195:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf225:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf210:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf200:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf183:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf225:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf194:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf215:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf17:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf173:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf233:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf208:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf230:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf229:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf181:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf227:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf19:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf226:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf223:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf234:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf193:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf233:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf182:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf232:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf231:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf209:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf216:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf205:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf221:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf172:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf196:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf211:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf227:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf217:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf222:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf218:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience_compose:9.5:cf234:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf231:*:*:*:*:*:*
cpe:2.3:a:hcltech:digital_experience:9.5:cf184:*:*:*:*:*:*
First Time Hcltech
Hcltech digital Experience Compose
Hcltech digital Experience
References () https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849 - () https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130849 - Vendor Advisory

05 Jun 2026, 07:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-06-05 07:16

Updated : 2026-06-10 19:24

NVD link : CVE-2026-21825

Mitre link : CVE-2026-21825

CVE.ORG link : CVE-2026-21825

JSON object : View

Products Affected

hcltech

  • digital_experience_compose
  • digital_experience
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')