CVE-2025-31970

CVE-2025-31970 affects HCL DFXAnalytics. The issue is an Insecure Security Header configuration: Content-Security-Policy lacks strict directives for object-src and base-uri, enabling potential injection vectors such as XSS. Metrics show CVSS v3.1 base score 5.3 (Medium) with NETWORK attack vector...

HCL DFXAnalytics 安全漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from insufficient transport layer protection. Data is transmitted over the network without encryption, allowing attackers to...

HCL DFXAnalytics 跨站脚本漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a cross-site scripting vulnerability, which stems from insecure Security Header configurations. The application uses outdated X-XSS-Protection headers. Attackers may...

PT-2026-37440

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information...

PT-2026-37442

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...