What the vulnerability does
01Description
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2024-30113
MEDIUM
CVE-2024-30113: HCL Leap is affected by a cross-site scripting (XSS) vulnerability
CVSS base score
6.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Key dates
02Disclosure timeline
April 24, 2025
CVE published
April 24, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-3613 SourceCodester Warehouse Management System supplier.php cross site scripting
CVE-2024-38038 BUG-000165732 - Reflected XSS in Portal for ArcGIS
CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
CVE-2025-7430 Stored XSS
CVE-2021-24533 Maintenance < 4.03 - Authenticated Stored XSS
