CVE-2024-30115 – HCL Leap Cross-Site Scripting (XSS)

April 30, 2025

CVE ID : CVE-2024-30115

Published : April 30, 2025, 10:15 p.m. | 54 minutes ago

Description : Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-30145 – IBM HCL Domino Volt and Domino Leap Client-Side Script Injection Vulnerability

Next Article CVE-2023-4533 – Red Hat OpenShift Remote Code Execution

Highlights

CVE-2025-47942 – Open edX Platform Python Lib Zip File Download Unauthorized Access Vulnerability

May 21, 2025

CVE ID : CVE-2025-47942

Published : May 21, 2025, 10:15 p.m. | 35 minutes ago

Description : The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2024-30115 – HCL Leap Cross-Site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

‘UNC3886 is Attacking Our Critical Infrastructure Right Now’: Singapore’s National Security Lawmaker

CVE-2012-10045 – XODA PHP File Upload RCE

This early PRIME DAY deal will nab you a flagship Surface Laptop 7 for less than Microsoft’s midrange Surface Laptop 13-inch — but not for long!

CVE-2025-7118 – UTT HiPER 840G Buffer Overflow Vulnerability

CVE-2025-47942 – Open edX Platform Python Lib Zip File Download Unauthorized Access Vulnerability

CVE-2025-30018 – SAP SRM Information Disclosure

CVE-2025-54131 – Cursor Command Injection Bypass

NVIDIA GeForce NOW adds Mafia: The Old Country & more in packed GFN Thursday lineup

CVE-2024-30115 – HCL Leap Cross-Site Scripting (XSS)

Related Posts