CVE-2025-63401 | THREATINT

Description

Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives

PUBLISHED Reserved 2025-10-27 | Published 2025-12-03 | Updated 2025-12-03 | Assigner mitre

References

hcltech.com

hcl.com

excalibur-hcl.my.salesforce.com/sfc/p/

cve.org (CVE-2025-63401)

nvd.nist.gov (CVE-2025-63401)