CVE-2025-55273

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

CVE-2025-55273

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

CVE-2025-55273

HCL Aftermarket DPC is affected by a Cross Domain Script Include vulnerability. External scripts can tamper with the DOM, altering content/behavior and potentially enabling theft of cookies/session tokens leading to session hijacking. CVSS 3.1 base score 4.3 (Medium); attack vector: network, priv...

PT-2026-28298

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to a Cross Domain Script Include issue. An attacker can use external scripts to manipulate the Document Object Model DOM, potentially changing t...

CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure...

CVE-2025-52655

CVE-2025-52655 affects HCL MyXalytics 6.6. The flaw is inclusion of functionality from an untrusted control sphere, allowing loading of third‑party scripts without integrity checks or validation. This can cause external code to run in the application's context, risking data exposure. Exploitation...