PatchSiren cyber security CVE debrief
CVE-2026-21825 HCLSoftware CVE debrief
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
- Vendor: HCLSoftware
- Product: DX Compose
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-10
Who should care
Administrators and users of HCL Digital Experience Compose, particularly those using version 9.5, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is a reflected cross-site scripting (XSS) issue in the search center of HCL Digital Experience Compose. This allows an attacker to execute arbitrary JavaScript in the victim's browser.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch or fix provided by the vendor as referenced in [ref-4].
- Restrict access to the search center to trusted users.
- Implement additional security measures such as input validation and output encoding.
Evidence notes
The CVE-2026-21825 record and associated details were obtained from official sources, including CVE.org and the National Vulnerability Database (NVD).
Official resources
- CVE-2026-21825 CVE record: CVE.org
- CVE-2026-21825 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-21825 was published on 2026-06-05T07:16:29.707Z and modified on 2026-06-10T19:24:05.453Z.