CVE-2025-31994

HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

CVSS 4.3 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

HCL Software · Unica Campaign

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124472