CVE-2024-42210 | THREATINT

Description

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

PUBLISHED Reserved 2024-07-29 | Published 2026-03-19 | Updated 2026-03-23 | Assigner HCL

HIGH: 7.6CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

Product status

Default status

unaffected

<= 12.1.8

affected

Credits

Mario Tesoro finder

References

github.com/...ty-research/blob/main/CVE-2024-42210/README.md

support.hcl-software.com/...rticle&sysparm_article=KB0123760

cve.org (CVE-2024-42210)

nvd.nist.gov (CVE-2024-42210)

Download JSON