HCL Digital Experience: Stored XSS in Admin Interface

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.8

HCL Digital Experience: Stored XSS in Admin Interface

CVE-2025-62326

Summary

A hacker could inject malicious code into the HCL Digital Experience admin interface, potentially taking control of the system or stealing sensitive information. This requires an attacker to have elevated privileges. Admins should review and update the software to the latest version to prevent exploitation.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
hcltech	digital_experience	9.5	–

Original title

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

Original description

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

nvd CVSS3.1 4.8

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128824 Vendor Advisory

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026