HCL Verse for Android is susceptible to an injection vulnerability

6.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.

Basic Information

ID CVE-2026-21768

Source HCL

Published Jun 19, 2026 at 14:50

Affected Product

Vendor HCLSoftware

Product Verse for Android

Version 14.5.10

Affected Versions HCLSoftware Verse for Android 14.5.10

CWE Classification

CWE-20 CWE-79

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations.",
    "published": "2026-06-19T14:50:02.931Z",
    "modified": "2026-06-19T14:50:02.931Z",
    "type": "cve",
    "title": "HCL Verse for Android is susceptible to an injection vulnerability",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130866",
    "id": "CVE-2026-21768",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "HCLSoftware Verse for Android 14.5.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Verse for Android",
    "version": "14.5.10",
    "vendor": "HCLSoftware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Verse for Android is susceptible to an injection vulnerability_CVE-2026-21768