HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Description

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.

Basic Information

ID CVE-2025-31994

Source HCL

Published Oct 13, 2025 at 03:59

Affected Product

Vendor HCL Software

Product Unica Campaign

Version <= 12.1.10

Affected Versions HCL Software Unica Campaign <= 12.1.10

CWE Classification

CWE-79

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted website.",
    "published": "2025-10-13T03:59:01.076Z",
    "modified": "2025-10-13T03:59:01.076Z",
    "type": "cve",
    "title": "HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124472",
    "id": "CVE-2025-31994",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "HCL Software Unica Campaign <= 12.1.10",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Unica Campaign",
    "version": "<= 12.1.10",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)_CVE-2025-31994