HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.
History

Tue, 21 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech unica
Vendors & Products Hcltech
Hcltech unica

Tue, 14 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Oct 2025 04:15:00 +0000

Type Values Removed Values Added
Description HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.
Title HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2025-10-14T20:07:09.399Z

Reserved: 2025-04-01T18:46:35.961Z

Link: CVE-2025-31994

cve-icon Vulnrichment

Updated: 2025-10-14T20:06:44.222Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-13T04:15:55.927

Modified: 2025-10-14T19:36:59.730

Link: CVE-2025-31994

cve-icon Redhat

No data.