CVE-2024-42210

High CVSS: 7.6

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Vendor

Hcltech

Product

Unica

CWE

CWE-79

Yayın Tarihi

2026-03-19 08:16:18

Güncelleme

2026-03-23 14:16:28

Source Identifier

psirt@hcl.com

KEV Date Added

Kategoriler

CWE-79 Unica HIGH Hcltech 2026

Referanslar

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0123760 https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2024-42210/README.md

Benzer Kayıtlar

High

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or i…

Medium

CVE-2025-55264

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a s…

High

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his pri…

High

CVE-2025-55262

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensiti…

Low

CVE-2025-55274

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the expo…

Low

CVE-2025-55275

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurren…