2 matches found
CVE-2025-63401
CVE-2025-63401 is a Cross Site Scripting vulnerability affecting HCLTech DRAGON prior to 7.6.0. The root cause is described as a missing directives issue, enabling a remote attacker to execute arbitrary code. Connected documents (Red Hat, ENISA, NVD, CVE list, CNNVD, etc.) consistently reference ...
CVE-2025-63402
HCLTech GRAGON vuln (CVE-2025-63402) affects GRAGON before v7.6.0. The issue arises from APIs not enforcing limits on the number or size of requests, enabling a remote attacker to execute arbitrary code. Affected product/version is GRAGON prior to 7.6.0; root cause is lack of request throttling/s...