CVE-2022-44760 MEDIUM

CVE-2022-44760: HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability

Vendor HCL Software
Product HCL Leap
Weakness CWE-434 · Unrestricted file upload
Published April 24, 2025
Last update April 25, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.

Key dates

02 Disclosure timeline

April 24, 2025 CVE published
April 25, 2025 Record updated