CVE-2025-31994 | THREATINT

Description

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

PUBLISHED Reserved 2025-04-01 | Published 2025-10-13 | Updated 2025-10-13 | Assigner HCL

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

<= 12.1.10

affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0124472

cve.org (CVE-2025-31994)

nvd.nist.gov (CVE-2025-31994)

Download JSON