CVE-2024-42210

A Stored cross-site scripting XSS vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting also known as second-order or persistent XSS arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVE-2024-42210

CVE-2024-42210 affects HCL Unica Marketing Operations v12.1.8 and earlier. It is a Stored XSS vulnerability (second-order/persistent XSS) where data from untrusted sources can be included in later HTTP responses in an unsafe manner. The CVSS 3.1 base metrics indicate a HIGH severity (7.6) with ne...

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

CVE-2025-62320

CVE-2025-62320 describes an HTML Injection vulnerability affecting the HCL Unica Platform. The issue arises when a web application does not properly validate or sanitize user input before rendering it on pages, enabling an attacker to inject HTML. When a browser loads the affected page, it may au...

CVE-2025-51735

CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0...

HCL Unica 安全漏洞

HCL Unica is an enterprise-level marketing automation and campaign management platform from HCL India. A security vulnerability exists in HCL Unica version 12.0.0 that stems from vulnerability to cross-site scripting attacks...

HCL Unica 安全漏洞

HCL Unica is an enterprise-level marketing automation and campaign management platform from HCL India. A security vulnerability exists in HCL Unica version 12.0.0 that stems from vulnerability to file upload attacks...

CVE-2025-51736

CVE-2025-51736 is a file upload vulnerability affecting HCL Technologies Ltd. Unica 12.0.0. Multiple connected sources (Red Hat, NVD, EUVD, CNNVD, CVE listings) corroborate a vulnerable file upload mechanism, but the exact root cause details beyond this are not elaborated in the provided document...

CVE-2025-31995

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVE-2025-52614

HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...

EUVD-2025-33959

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVE-2025-31993

HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery SSRF. An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...

CVE-2025-31995 HCL Unica MaxAI Workbench is vulnerable to improper input validation

HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...

CVE-2025-31995

The CVE-2025-31995 entry concerns HCL Unica MaxAI Workbench, with the root cause identified as improper input validation. Multiple connected sources (Red Hat, EU ENISA, NVD, CVE lists, and security vendors) confirm that this vulnerability could enable SQL injection, cross-site scripting (XSS), or...

CVE-2025-31996

HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users...

CVE-2025-31996

HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting XSS where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVE-2025-31994

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject malicious script into an HTTP request, which is reflected in the server’s immediate response and executed in the victim’s browser. The vulnerability is documented across multiple sources (incl...