Shodan
Vulnerabilities
Vulnerable Software
Hcltech:  Security Vulnerabilities
CVE-2025-31993
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-10-12
CVE-2025-52624
A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52625
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52635
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52634
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52650
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52630
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-10
CVE-2025-52654
HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-10-03
CVE-2025-52656
HCL MyXalytics: 6.6.  is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved