CVE-2025-31992

Description

HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.

PUBLISHED Reserved 2025-04-01 | Published 2025-10-12 | Updated 2025-10-12 | Assigner HCL

Problem types

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Product status

References

support.hcl-software.com/...rticle&sysparm_article=KB0124424

cve.org (CVE-2025-31992)

nvd.nist.gov (CVE-2025-31992)

Download JSON